Paystand lets merchants embed checkout links in third-party systems. By default, links use secure, non-sequential identifiers only:
- BC internal GUIDs for Customers and Posted Sales Invoices
- Paystand IDs
You may optionally allow BC external numbers (the sequential “No.” fields) for compatibility with external tools.
Security exposure
External numbers are sequential and therefore guessable. If enabled in checkout URLs, a third party could increment values to discover other customers or invoices. This increases the risk of exposing records to payers who should not have access.
Important
- Keep both toggles OFF unless required for external integrations
- Use BC internal GUIDs or Paystand IDs whenever possible
Responsibility and disclaimer
If external numbers are enabled:
The merchant acknowledges and accepts the security risk
The merchant is responsible for managing link distribution
The merchant must ensure any third-party system embedding links is protected
The merchant should disable the option immediately if a risk is identified
Enable or Disable External Numbers
In the Paystand Dashboard, open Settings
Under MS Business Central Settings, find Payment Experience Settings
Allow external Sales Invoice numbers
Toggle Support BC External Sales Invoice ID.
OFF (recommended): Only BC internal GUIDs and Paystand IDs work in invoice links.
ON: Links can also use the BC Posted Sales Invoice No.
Allow external Customer numbers
Toggle Support BC External Customer ID.
OFF (recommended): Only BC internal GUIDs and Paystand IDs work in customer links.
ON: Links can also use the BC Customer No.
For details on the payment link structure, please contact Paystand Support or your Implementation Engineer.