Configuration

Environment variables, Cloudflare settings, and service configuration.

Environment Variables

Configure 0list through your wrangler.toml file and Wrangler secrets.

    
wrangler.toml
 name = "0list"
main = "src/index.tsx"
compatibility_date = "2024-01-01"

[[d1_databases]]
binding = "DB"
database_name = "0list-db"
database_id = "your-database-id-here"

[vars]
# Optional: Default allowed origins for CORS
ALLOWED_ORIGINS = "https://yoursite.com,https://app.yoursite.com" 

Required Settings

Variable	Description
`DB`	D1 database binding (configured automatically)

Optional Settings

Variable	Description
`RESEND_API_KEY`	Resend API key for sending emails
`RESEND_FROM_EMAIL`	Default from email address
`RESEND_FROM_NAME`	Default from name
`ALLOWED_ORIGINS`	Comma-separated list of allowed CORS origins

Cloudflare Access Setup

The admin dashboard is protected by Cloudflare Access. You’ll need to configure an Access application to secure the /admin routes.

Note

Cloudflare Access is included free with all Cloudflare plans. You can use email OTP, social logins, or corporate identity providers.

Go to Cloudflare Zero Trust → Access → Applications

Click “Add an application” and select “Self-hosted”

Set the application domain to your worker URL (e.g., my-waitlist.workers.dev)

Add /admin/* as the path to protect

Configure an identity provider (email OTP works great for small teams)

Create an access policy allowing your team members

Resend Email Configuration

0list uses Resend for sending confirmation and welcome emails. The free tier includes 3,000 emails/month.

Create a Resend account

Add and verify your sending domain

Generate an API key

Add the API key as a Wrangler secret

Configuration

# Set via Wrangler secrets (recommended)
bunx wrangler secret put RESEND_API_KEY

# Or in wrangler.toml for development
[vars]
RESEND_API_KEY = "re_xxxxxxxxxxxx"
RESEND_FROM_EMAIL = "[email protected]"
RESEND_FROM_NAME = "Your Company"

Security

Always use wrangler secret put for API keys in production. Never commit secrets to your repository.

CORS & Allowed Origins

Configure CORS to allow your frontend domains to call the public API. Origins can be set globally or per-waitlist.

Per-Waitlist Configuration

In the admin dashboard, go to your waitlist’s Settings → Integrations tab to configure allowed origins for that specific waitlist.

Global Default

Set a default list of allowed origins in your wrangler.toml:

    
CORS Configuration
 [vars]
ALLOWED_ORIGINS = "https://example.com,https://app.example.com"

# The API will include CORS headers:
# Access-Control-Allow-Origin: https://example.com
# Access-Control-Allow-Methods: GET, POST, OPTIONS
# Access-Control-Allow-Headers: Content-Type 

Tip

For development, you can add http://localhost:3000 to your allowed origins.

Custom Domain

By default, your worker is accessible at your-worker.workers.dev. You can add a custom domain:

Go to Workers & Pages in the Cloudflare dashboard

Select your worker

Go to Settings → Domains & Routes

Add your custom domain (must be on Cloudflare DNS)

Next Steps

API Reference

Explore all API endpoints

Email Templates

Customize confirmation emails