UUID Generator

What is a UUID?

A UUID (Universally Unique IDentifier) is a 128-bit number used to uniquely identify information in computer systems. UUIDs are standardized by the Open Software Foundation (OSF) as part of the Distributed Computing Environment (DCE). They're also known as GUIDs (Globally Unique IDentifiers) in Microsoft systems.

UUIDs are represented as 32 hexadecimal digits, displayed in five groups separated by hyphens, in the form 8-4-4-4-12, for a total of 36 characters including hyphens. For example: 550e8400-e29b-41d4-a716-446655440000

UUID Version 1 vs Version 4

Common Use Cases for UUIDs

1. Database Primary Keys

UUIDs are excellent for distributed databases where multiple systems need to generate IDs independently without coordination:

CREATE TABLE users (
    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
    username VARCHAR(50) NOT NULL,
    email VARCHAR(255) NOT NULL
);

2. API Resource Identifiers

RESTful APIs often use UUIDs to identify resources, making URLs non-guessable and preventing enumeration attacks:

https://api.example.com/users/550e8400-e29b-41d4-a716-446655440000

3. Session IDs and Tokens

UUIDs provide sufficient randomness for secure session identifiers and authentication tokens:

session_id: 7c9e6679-7425-40de-944b-e07fc1f90ae7
csrf_token: 3d6f8b5a-9c12-4e3f-a456-7b8c9d0e1f2a

4. File and Object Names

Prevent name collisions in distributed file systems or cloud storage:

uploads/550e8400-e29b-41d4-a716-446655440000.jpg

5. Message Queue IDs

Uniquely identify messages in distributed queuing systems like RabbitMQ or Kafka:

message_id: 3d6f8b5a-9c12-4e3f-a456-7b8c9d0e1f2a

UUID Best Practices

Practice	Recommendation	Reason
Version Selection	Use v4 by default	Better privacy, no MAC address leakage
Database Indexing	Consider clustered indexes	Random UUIDs can fragment indexes
URL Usage	Use lowercase	Some systems are case-sensitive
Storage	Store as binary (16 bytes)	More efficient than 36-char string
Validation	Always validate format	Prevent invalid data entry

Programming with UUIDs

Python

import uuid

# Generate UUID v4
uuid4 = uuid.uuid4()
print(str(uuid4))

# Generate UUID v1
uuid1 = uuid.uuid1()
print(str(uuid1))

# Validate UUID
try:
    uuid.UUID('550e8400-e29b-41d4-a716-446655440000')
    print("Valid UUID")
except ValueError:
    print("Invalid UUID")

JavaScript/Node.js

const { v4: uuidv4, v1: uuidv1 } = require('uuid');

// Generate UUID v4
const uuid4 = uuidv4();
console.log(uuid4);

// Generate UUID v1
const uuid1 = uuidv1();
console.log(uuid1);

PostgreSQL

-- Enable UUID extension
CREATE EXTENSION IF NOT EXISTS "uuid-ossp";

-- Generate UUID v4
SELECT uuid_generate_v4();

-- Generate UUID v1
SELECT uuid_generate_v1();

UUID Collision Probability

One common concern is: "What if two systems generate the same UUID?" While theoretically possible, the probability is astronomically low:

UUID Security Considerations

Do's:

• Use v4 for sensitive data: Random generation prevents information leakage
• Use for API keys: Combined with proper authentication
• Store securely: Hash or encrypt if needed
• Validate input: Always check format before processing

Don'ts:

• Don't use alone for security: UUIDs aren't cryptographically secure tokens
• Don't expose v1 publicly: Can reveal MAC address and timestamp
• Don't assume ordering: v4 UUIDs are random and not sortable
• Don't use for passwords: Use proper hashing algorithms instead