[Answer]-Links within email that can edit data in database


Having a UUID to represent the user would be fine, but keep in mind it’s just a speed bump. E-mails aren’t safe and can be read by a 3rd party. Even with UUIDs someone can impersonate another. It sounds like it’s a rather low risk issue, though. What’s the worst case here? Do you have ways to mitigate it through customer support?

If you wanted to make things more secure, you’d just have a link that would require authentication to make changes to their order. It’s a balance between friction with your users and security.

It seems you have the right ideas already. I’d suggest not using user pks just because they are often incremental and it’s easy to just iterate through all your customers. UUIDs just increase the number space so significantly that it should deter people from doing it, assuming there isn’t anything to be gained.
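As an added illustration of the answer's two points (an unguessable UUID token in the link instead of a sequential pk, and requiring the authenticated owner before any change is applied), here is example Python that is not from the original thread; `Order`, `OrderLinks` and the in-memory dicts are hypothetical stand-ins for the database.

```python
import time
import uuid
from dataclasses import dataclass


@dataclass
class Order:
    owner: str              # username of the customer who placed the order
    status: str = "pending"


class OrderLinks:
    """Maps unguessable UUID tokens to orders (hypothetical stand-in for a DB).

    A sequential pk can be enumerated; a uuid4 token cannot practically be
    guessed. The token alone only proves someone read the e-mail, so
    mutations additionally require the logged-in user to own the order.
    """

    def __init__(self, ttl_seconds=7 * 24 * 3600):
        self.orders = {}    # order_id -> Order
        self.tokens = {}    # token -> (order_id, expires_at)
        self.ttl = ttl_seconds

    def issue_link(self, order_id, now=None):
        """Return the token to embed in the e-mail link for this order."""
        now = time.time() if now is None else now
        token = str(uuid.uuid4())
        self.tokens[token] = (order_id, now + self.ttl)
        return token

    def resolve(self, token, now=None):
        """Return the order the link points at, or None if unknown or expired."""
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        if entry is None or now > entry[1]:
            return None
        return self.orders.get(entry[0])

    def cancel_via_link(self, token, authenticated_user, now=None):
        """Mutate the order only if the link is valid AND the session user owns it."""
        order = self.resolve(token, now)
        if order is None:
            return "invalid or expired link"
        if authenticated_user != order.owner:
            return "authentication required"
        order.status = "cancelled"
        return "cancelled"
```

Read-only display of the order can reasonably be served from `resolve` alone; anything that writes goes through the owner check, which is the "link that requires authentication" trade-off from the answer.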
