The Quick Answer
A UUID (Universally Unique Identifier) is a 128-bit identifier format used to label records uniquely across systems without a central ID server.
Canonical format: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
Example: 550e8400-e29b-41d4-a716-446655440000
If you need IDs across multiple services, databases, or offline clients, UUIDs let each component generate IDs independently.
Key Takeaways
- UUIDs are identifiers, not encryption.
- UUID and GUID usually refer to the same thing.
- UUID v4 is random; UUID v7 is time-ordered.
- For large database indexes, v7 is often more write-friendly than v4.
- A canonical UUID string is 36 characters (including hyphens).
Why UUIDs Exist
Traditional auto-increment IDs (1, 2, 3...) have problems:
- Predictable: IDs can be enumerated.
- Central coordination: Multi-service systems need a single allocator.
- Merge collisions: Merging independent datasets can produce conflicts.
UUIDs solve these by generating IDs independently that won't collide.
UUID Structure
A UUID has 32 hexadecimal characters split into 5 groups:
550e8400-e29b-41d4-a716-446655440000
│ │ │ │ │
│ │ │ │ └── Node (48 bits)
│ │ │ └─────── Clock sequence (16 bits)
│ │ └──────────── Version + Time high (16 bits)
│ └───────────────── Time mid (16 bits)
└────────────────────────── Time low (32 bits)
The first hex character of the third group encodes the version.
UUID Versions
UUID v1: Time + Node Identifier
550e8400-e29b-11d4-a716-446655440000
^
Version 1
- Uses timestamp-based components.
- Mostly time-sortable.
- Can expose creation patterns and host-derived metadata.
UUID v4: Random (Most Common)
550e8400-e29b-41d4-a716-446655440000
^
Version 4
- Uses 122 random bits.
- Popular default for APIs and distributed systems.
- No embedded timestamp in the identifier.
UUID v7: Time-Ordered + Random
0194f8e0-5b85-7d4b-a6fd-3d34a25f6134
^
Version 7
- Encodes Unix-time information plus randomness.
- Better index locality for many database workloads.
- Useful when sorted-by-created-time behavior matters.
UUID v4 vs v7 at a Glance
| Feature | UUID v4 | UUID v7 |
|---|---|---|
| Core property | Random | Time-ordered + random |
| Sort by creation time | No | Usually yes |
| Index locality | Lower | Higher |
| Predictability | Very low | Low, but time prefix is visible |
| Common fit | Public IDs, API records | High-write DB primary keys |
Collision Probability
For UUID v4, collisions are theoretically possible but extremely rare.
- Rough intuition: around
2.7e18generated values gives about a 50% collision chance (birthday bound). - Practical intuition: generating 1 billion UUIDs per second for decades is still unlikely to collide.
For normal software systems, collision risk is negligible when UUIDs are generated correctly.
When to Use UUIDs
| Use Case | UUID? | Why |
|---|---|---|
| Database primary keys | Yes | Good for distributed writes |
| API resource IDs | Yes | Harder to enumerate than integers |
| Event IDs across services | Yes | Avoid central coordination |
| Short URLs | No | Too long for user-facing slugs |
| Human-friendly invitation codes | No | Poor readability |
UUID vs Auto-Increment
| Feature | UUID | Auto-Increment |
|---|---|---|
| Length | 36 characters | Variable |
| Sortable | v7 often yes | Yes |
| Predictable | No | Yes |
| Distributed | Yes | No |
| Index performance | Slower | Faster |
| URL-friendly | No | Yes |
How to Generate and Validate UUIDs
- Generate with a cryptographically secure method in your runtime.
- Store as a native UUID type when supported (or fixed-length text/binary).
- Validate inbound values before persistence or lookup.
- Normalize representation (lowercase and canonical hyphens) if needed.
UUIDs in Databases
-- PostgreSQL has native UUID type
CREATE TABLE users (
id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
name TEXT
);
-- MySQL
CREATE TABLE users (
id CHAR(36) PRIMARY KEY,
name VARCHAR(255)
);
Performance tip: Random UUID v4 can fragment B-tree indexes. For high-write tables, UUID v7 is often a better default.
Common Mistakes
- Treating UUIDs as secrets. They are identifiers, not authorization controls.
- Assuming all UUID versions behave the same. Version choice affects sorting and metadata leakage.
- Storing UUIDs in inconsistent formats across services.
- Using UUIDs where short human-readable IDs are required.
- Skipping input validation and accepting malformed IDs.
FAQ
What is a UUID in simple terms?
A UUID is a standardized 128-bit identifier that can be generated independently and still be practically unique.
UUID vs GUID: is there a difference?
Usually no. GUID is a common platform term for the same identifier format.
Is UUID v4 or v7 better?
It depends on your goal. Use v4 for pure randomness and v7 when time ordering/index locality matters.
Can UUIDs collide?
Yes in theory, but the probability is extremely low for correctly generated UUID v4 values.
Are UUIDs secure tokens?
Not by themselves. Use dedicated auth/session mechanisms for access control.
Can I use UUID as a database primary key?
Yes. It is common in distributed systems, with storage/index tradeoffs compared with integer keys.
How do I know if a UUID is valid?
Check length, hexadecimal characters, hyphen placement, and expected version/variant bits.
What is the standard UUID string length?
36 characters with hyphens, or 32 hex characters without hyphens.
Is a UUID the same as SHA-256 hash output?
No. They solve different problems and have different structures.
When should I avoid UUIDs?
Avoid them for short, human-readable public codes where compactness and manual entry are priorities.
UUID Generator
Generate RFC-compliant UUID v4 values in your browser with one-click copy.
Generate UUIDRelated Tools
- Hash Generator - Compare hash outputs and see why hashes are not UUIDs
- JWT Decoder - Inspect token payloads and claims safely
- Password Generator - Generate high-entropy random strings