What is UUID/GUID?
UUID (Universally Unique Identifier) and GUID (Globally Unique Identifier) are interchangeable terms for 128-bit unique identifiers. Created to generate unique IDs without requiring central coordination, they are widely used in databases, REST APIs, and distributed systems.
UUID Versions
UUID v4 - Random (Recommended)
Generated randomly using strong cryptography. Collision probability: ~1 in 2¹²² (trillions of trillions). Ideal for most cases: primary keys, session tokens, resource identifiers.
Example: 550e8400-e29b-41d4-a716-446655440000
UUID v1 - Timestamp-based
Includes timestamp (60 bits) + computer's MAC address (48 bits) + counter. Advantage: chronologically sortable. Disadvantage: reveals system information (MAC address, creation time).
Example: 6ba7b810-9dad-11d1-80b4-00c04fd430c8
Other Versions (v3, v5, v6, v7)
v3/v5: Generated by hash (MD5/SHA-1) of a namespace + name. Deterministic (same input = same UUID). v6/v7: Recent proposals that combine sortable timestamp with secure randomness.
Example:
Common Use Cases
🗄️ Database Primary Keys
Replace auto-increment with UUIDs to facilitate data merging between environments (dev, staging, prod) and horizontal sharding. MongoDB, PostgreSQL, and MySQL support it natively.
🔗 REST Resource URLs
/api/users/550e8400-e29b-41d4-a716-446655440000
UUIDs in URLs prevent enumeration attacks and keep URLs unpredictable.
🎫 Session and Authentication Tokens
OAuth tokens, session IDs, reset tokens. UUIDs are cryptographically secure and impossible to guess (unlike numeric sequences).
📦 Event/Message Identifiers
Event tracking in microservices, message queues (RabbitMQ, Kafka), distributed logs. Correlation IDs between services.
📁 Unique Filenames
Image uploads, backups, temporary files. Prevents conflicts and allows simultaneous uploads without locking.
UUID vs Auto-increment: Pros and Cons
| Feature | UUID | Auto-increment (INT) |
|---|---|---|
| Size | 16 bytes (128 bits) | 4 bytes (32 bits) or 8 bytes (64 bits) |
| Distributed generation | ✓ Yes, without coordination | ✗ Requires central control |
| Predictability | Unpredictable (secure) | Predictable (enumeration risk) |
| Index performance | Slower (128 random bits) | Faster (sequential, cache-friendly) |
| Chronological ordering | No (v4), Yes (v1, v6, v7) | Yes (sequential) |
| Database merging | ✓ Trivial (no collision) | ✗ Complex (ID conflicts) |
| Ideal for | Distributed systems, APIs, security | Monolithic systems, critical performance |
How to use UUID in different languages
JavaScript/Node.js
// Native (Node.js 14.17+)
import { randomUUID } from 'crypto';
const uuid = randomUUID();
// With 'uuid' library
import { v4 as uuidv4 } from 'uuid';
const uuid = uuidv4();Python
import uuid # UUID v4 uuid_v4 = uuid.uuid4() print(uuid_v4) # 550e8400-e29b-41d4-a716-446655440000 # UUID v1 uuid_v1 = uuid.uuid1() print(uuid_v1) # 6ba7b810-9dad-11d1-80b4-00c04fd430c8
Java
import java.util.UUID; // Random UUID UUID uuid = UUID.randomUUID(); System.out.println(uuid.toString());
PostgreSQL
-- Enable extension CREATE EXTENSION IF NOT EXISTS "uuid-ossp"; -- Generate UUID SELECT uuid_generate_v4(); -- Create table with UUID CREATE TABLE users ( id UUID PRIMARY KEY DEFAULT uuid_generate_v4(), name VARCHAR(100) );
FAQ - Frequently Asked Questions
1. Are UUIDs truly unique? Can there be collisions?
UUIDs v4 have 2¹²² possible combinations. The chance of collision is astronomically low (1 in 5 billion after generating 1 billion UUIDs). For practical purposes, consider them unique. Modern databases detect collisions through UNIQUE constraints.
2. Is UUID v1 safe? Can I use it in production?
UUID v1 reveals creation timestamp and machine's MAC address, considered information leakage. Don't use for security tokens or in contexts where privacy is critical. Prefer v4 for security, or v6/v7 if you need chronological ordering without exposing MAC address.
3. Does UUID impact database performance?
Yes, but generally acceptable. Random UUIDs cause B-tree index fragmentation (not sequential). For PostgreSQL, use UUID v7 or ULID (Universally Unique Lexicographically Sortable Identifier). For extreme performance cases (billions of records), stick with auto-increment.
4. Should I use hyphens or remove them?
Depends on context. With hyphens (RFC 4122 standard): more readable, compatible with standard libraries. Without hyphens: saves 4 bytes in string storage, useful for short URLs or tokens. PostgreSQL stores binary (16 bytes) regardless of formatting.
5. Can I use UUID as a URL shortener?
Technically yes, but inefficient. UUIDs have 36 characters (with hyphens) or 32 without. For URL shorteners, use shorter encodings: base62 (A-Za-z0-9) generates 6-8 character IDs, sufficient for billions of URLs.
6. Does UUID work in offline systems?
Yes! It's one of the main advantages. Offline clients (mobile apps, IoT) generate UUIDs locally without server connection. When they sync, there are no ID conflicts. Ideal for CRDTs and multi-device sync.