As a Dynamics 365 Business Central ISV (Independent Software Vendor), you are constantly balancing the thin line between collaboration and protection. In a tech world that increasingly praises open-source culture, the decision to shield your extension’s source code, typically by setting “showMyCode”: false in your app.json, can sometimes face pushback from partners or customers.
However, protecting your AL code isn’t about a lack of transparency. It is a strategic, socio-technical necessity designed to safeguard intellectual property, ensure system stability, and guarantee scalability.
Here is a look at why keeping your Business Central code under wraps is the ultimate win-win for both ISVs and the ecosystem.
Intellectual Property & the Competitive Moat
- The Commercial Angle: Your source code is the tangible manifestation of your R&D investment. If competitors or implementation partners gain unrestricted access to your AL files, your proprietary business logic, industry-specific algorithms, and unique workflows can easily be reverse-engineered or copied. This instantly erodes your hard-earned competitive advantage.
- The Technical Angle: In Business Central, the true value often lies in the underlying architecture: how table extensions are optimized, how heavy financial or logistical calculations are efficiently pushed to the SQL database, and how external API integrations are orchestrated. Protecting the code prevents others from taking a shortcut on architectural design at your expense.
Scalable Support & Upgradability (SaaS Integrity)
- The Commercial Angle: When a customer buys an ISV app, they are buying a guarantee that it works. If third parties can view, modify, or fork the code, the ISV loses control over the product. Yet, when something breaks, the blame (and the urgent support tickets) almost always lands back on the ISV.
- The Technical Angle: Microsoft enforces a strict upgrade rhythm for Business Central SaaS, with major releases every six months. ISVs continuously test their apps against future releases to ensure they are Next-Major Ready. If a partner modifies your code locally, automatic cloud updates will fail, potentially halting the customer’s entire ERP system. Restricting code access prevents these unauthorized, brittle modifications.
Security, Compliance, and Data Integrity
- The Commercial Angle: ERP systems house a company’s most sensitive operational and financial data. A security breach can ruin an ISV’s reputation overnight.
- The Technical Angle: While open-source code can benefit from public scrutiny, commercial ERP environments face unique risks. If inexperienced developers or bad actors can inspect exactly how data validations, encryption routines, or Isolated Storage API keys are coded, it becomes significantly easier to find and exploit security loopholes or bypass standard business rules.
Monetization and License Enforcement
- The Commercial Angle: Business Central ISVs scale through subscription models (per-user/per-month via AppSource). If the code is wide open, the financial foundation of the product is put at risk.
- The Technical Angle: Most ISVs implement licensing validation within their AL code (e.g., verifying subscriptions via an Azure Function). If the source code is visible, a developer could simply comment out or delete the license-checking logic, recompile the app under a different GUID, and deploy it for free.
The Modern BC Way: Extensibility Over Modifiability
- The Commercial & Technical Alignment: In the legacy Dynamics NAV era (C/SIDE), modifying standard or third-party code was the norm. However, Business Central was built on a modern Extensibility Model.
An ISV does not need to expose its source code for others to build upon it. By strategically placing Integration Events throughout their AL code, ISVs allow partners and customers to “hook” into the application’s logic. This enables seamless customization without exposing or altering the underlying intellectual property.
| Business driver | Risk of Open Source Code | Reward of Protected Code |
| Revenue | High risk of code-cloning and bypassed licensing. | Secure recurring revenue via AppSource/Microsoft Marketplace. |
| Support | High overhead tracking bugs caused by external edits. | Standardized codebase = predictable & scalable support. |
| Upgrades | Failed tenant updates due to local code forks. | Seamless, automated SaaS upgrades by Microsoft. |
| Innovation | Competitors copy features immediately. | ISV maintains its first-mover advantage. |
The Bottom Line
Keeping your AL code secure is not a barrier to collaboration; it is a framework for stability. By leveraging integration events instead of source code exposure, Business Central ISVs can deliver highly extensible solutions while protecting the intellectual property that fuels their innovation.