The String That Is (Almost) Unique in the Universe
A UUID looks like this: 550e8400-e29b-41d4-a716-446655440000
Thirty-two hexadecimal characters, split into five groups by hyphens, 36 characters total. It is generated by an algorithm that produces values so unlikely to repeat that, for practical purposes, every UUID ever generated is unique — not just on your system, but globally.
UUID stands for Universally Unique Identifier. Understanding when and why to use them is one of the more practical pieces of software knowledge that applies across every technology stack.
Why Not Just Use 1, 2, 3?
Sequential integers are the simplest way to identify records in a database. The first user is ID 1, the second is ID 2, and so on. Databases handle this automatically with auto-increment columns.
Sequential integers have real problems in certain contexts:
They expose information. If your user ID is 4 and someone else's is 10, that tells you the platform has at least 10 users. If your order ID is 1042, an attacker can enumerate all orders by incrementing the ID. This is a security and business intelligence leak.
They do not work across distributed systems. If you have two database servers both inserting records independently (for performance or availability), sequential integers will collide. Both servers might independently assign ID 42 to different records. UUIDs, generated independently by each system using random values, will not collide.
They create coupling between systems. When you merge two databases or import data from an external system, integer IDs almost certainly conflict. UUIDs from different systems can be merged without collisions.
UUID Versions
There are several UUID versions, each generated differently:
Version 1 — Based on the current timestamp and the MAC address of the network card. Guaranteed to be unique (no two UUIDs generated at the same time on the same machine can be equal) but reveals both the time of generation and the device. Privacy concern in some contexts.
Version 4 — Completely random (except for a few bits that identify it as a v4 UUID). This is the most widely used version. It has no relationship to time or machine identity. The randomness comes from a cryptographically secure random number generator. There are 2¹²² possible v4 UUIDs — approximately 5.3 × 10³⁶. The chance of generating the same UUID twice at random is astronomically small.
Version 7 — Introduced in 2022. Starts with a timestamp (like v1) but uses random data for the rest (like v4). This means v7 UUIDs sort chronologically, which is a significant database performance advantage — inserting sequential v7 UUIDs into a B-tree index causes far fewer index page splits than random v4 UUIDs. Many modern databases and ORM frameworks are moving toward v7.
Version 3 and Version 5 — Deterministic. Generated from a namespace plus a name using MD5 (v3) or SHA-1 (v5) hashing. Given the same inputs, they always produce the same UUID. Useful for generating stable IDs for known entities.
Common Uses for UUIDs
Database primary keys. Most common use. Especially appropriate when data is distributed, when records are created offline (and synced later), or when exposing the ID publicly (in URLs or APIs).
API keys and tokens. A v4 UUID is unpredictable enough to serve as a basic API key. It is not a substitute for a properly designed authentication system, but for simple cases it provides sufficient randomness.
File names. When uploading files to a storage service, using a UUID as the file name prevents collisions and avoids exposing the original file name (which might contain sensitive information).
Idempotency keys. In payment processing and other critical operations, an idempotency key ensures that if the same request is submitted twice (due to network retry), it is only processed once. UUIDs make good idempotency keys because they are unique per request.
Session IDs. Web application sessions use random IDs to prevent session hijacking. UUIDs provide sufficient randomness, though dedicated session management libraries often use additional measures.
How to Use the Toobits UUID Generator
Click Generate to create one or more RFC 4122-compliant UUID v4 strings instantly. Use the copy button for individual UUIDs, or generate in bulk and download as a file. All UUIDs are generated using the browser's crypto.getRandomValues API — cryptographically secure randomness, entirely local, nothing sent to any server.