P
Pickup Pals · Settings
i
One-time setup. Paste your API credentials below — they get saved to this browser only and never leave it. The dashboard, parser, and optimizer all read from here. Run a Test on each section before saving so you know it's working.
Channels
Connect the channels your customers message you through. Each connected channel feeds into the Inbox.
💬
SMS
Twilio · +61 434 411 372
Connected
Setup guide
  1. SMS is already connected via Twilio. Inbound and outbound messages flow automatically.
  2. To view or update the webhook, go to Twilio Console → Phone Numbers → Manage → your number → Messaging tab.
  3. The inbound webhook URL must be set to:
Inbound webhook URLhttps://pickup-pals-api.accounts-eae.workers.dev/sms/inbound
If you ever change Twilio numbers, update the Twilio webhook URL above and notify the team.
Email
Resend · hello@pickuppals.com.au
Pending
Setup guide
  1. Sign in at resend.com → Domains.
  2. Find pickuppals.com.au and click Verify. You'll see two DNS records to add (one TXT, one CNAME).
  3. Open Cloudflare DNS for pickuppals.com.au and add both records exactly as shown.
  4. Return to Resend and click Verify DNS Records. The domain status will turn green within a few minutes.
  5. Once verified, outbound emails from hello@pickuppals.com.au will work. Inbound email (replies coming into the Inbox) requires an inbound routing rule — contact us to set that up.
Domain verification is currently pending. Complete steps 2–4 to activate email sending.
Facebook Messenger
Connect your Facebook Page DMs
Not connected
Setup guide
  1. Go to developers.facebook.comMy Apps → Create App. Choose type Business.
  2. Add the Messenger product to the app.
  3. Under Messenger → Settings, connect your Pickup Pals Facebook Page and generate a Page Access Token.
  4. Under Webhooks, click Add Callback URL and enter:
Callback URLhttps://pickup-pals-api.accounts-eae.workers.dev/webhook/facebook
  1. Set the Verify Token to pickup-pals-verify and subscribe to the messages event.
  2. Paste your Page Access Token below and save.
📸
Instagram
Connect your Instagram DMs
Not connected
Setup guide
  1. Instagram DMs use the same Facebook Developer App as Messenger above — complete Facebook setup first.
  2. In your Facebook App, add the Instagram product.
  3. Connect your @pickuppalsaustralia Instagram account (must be a Professional account linked to your Facebook Page).
  4. Under Webhooks, subscribe to instagram_messages with callback URL:
Callback URLhttps://pickup-pals-api.accounts-eae.workers.dev/webhook/instagram
  1. Use the same Verify Token: pickup-pals-verify.
  2. Paste the Instagram Page Access Token below (often the same token as Facebook).

Integrations
API credentials used by the dashboard tools.
AAnthropic API
Powers run-sheet PDF parsing. Claude reads each PDF, extracts customer rows, items, addresses, flags. Used by the Run Sheets tool when it ships.
Not configured
Get one at console.anthropic.com · keep it secret
AAirtable
Your jobs source-of-truth. Run Sheets parser writes parsed jobs here, Optimizer reads jobs (HN + PUP) from here, and your existing invoicing flow keeps working unchanged.
Not configured
Get one at airtable.com/create/tokens · scopes needed: data.records:read, data.records:write, schema.bases:read
Open your Pickup Pals base in Airtable; the URL is airtable.com/appXXX.../... — that part is the Base ID
In Airtable, open the Customers table, expand the Harvey Norman Noosa record, and copy the rec... ID from the URL
GGoogle Maps API
Geocodes addresses and computes driving times for the Route Optimizer. Already configured if you've used the optimizer.
Not configured
Restrict by HTTP referrer in the Google Cloud Console to pickup-pals-ops.pages.dev/* for safety
🔒 Where do these credentials live?
These keys are saved in localStorage on this browser only. They never travel to a server, never get logged, never appear in any database. If you clear browser data or use a different machine, you'll need to paste them again. The same approach the Route Optimizer already uses for the Google Maps key.

One trade-off: any script running on this page can read localStorage, so a malicious browser extension could in theory read your keys. For this small internal tool with trusted users it's a reasonable risk. When we move to a proper backend (Cloudflare Functions / D1), keys will live server-side and the browser only ever sees results.