Developer Tools

UUID Generator Guide for Developers

· QuickToolFlow
uuid programming web development databases api design

When building applications that need unique identifiers — database records, API tokens, file names — you need a way to generate IDs that will not collide. That is exactly what UUIDs solve.

What Is a UUID?

A UUID (Universally Unique Identifier) is a 128-bit identifier represented as a 32-character hexadecimal string, typically displayed in 5 groups separated by hyphens:

550e8400-e29b-41d4-a716-446655440000

The format is xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx where M indicates the UUID version and N indicates the variant.

Why Are UUIDs Important?

Globally unique without coordination. Unlike auto-incrementing integers, UUIDs can be generated independently on different servers without any risk of collision. The probability of generating two identical UUID v4 values is astronomically small.

Safe to expose publicly. Sequential IDs let competitors estimate your data volume. UUIDs reveal nothing.

Distributed-friendly. In microservices or multi-database architectures, you need IDs that are unique across all systems. UUIDs solve this without a central coordinator.

Can be generated client-side. Frontend applications can generate UUIDs before sending data to the server, which is useful for optimistic UI updates.

UUID Versions

UUID v1 — Time-Based

Generated from the current timestamp and the MAC address of the computer. Unique and ordered, but exposes both the creation time and the machine’s hardware address.

UUID v4 — Random

The most commonly used version. Generated using random or pseudo-random numbers.

In JavaScript, the simplest way is using the built-in API:

const id = crypto.randomUUID();

Or a manual implementation:

function uuid() {
  var s = [];
  var hexDigits = '0123456789abcdef';
  for (var i = 0; i < 36; i++) {
    s[i] = hexDigits.substr(Math.floor(Math.random() * 0x10), 1);
  }
  s[14] = '4';
  s[19] = hexDigits.substr((s[19] & 0x3) | 0x8, 1);
  s[8] = s[13] = s[18] = s[23] = '-';
  return s.join('');
}

Position 14 is hardcoded to 4 to mark it as version 4, and position 19 is constrained to ensure the correct variant.

Do Not Use Math.random() for Production UUIDs

The manual example above is useful for understanding the shape of a UUID, but production identifiers should use a trusted library or built-in cryptographic API.

In browsers and modern JavaScript runtimes, prefer:

crypto.randomUUID();

Math.random() is not designed for security-sensitive randomness. Even when an ID is not secret, weak generation can increase collision risk or make identifiers easier to predict.

UUID v5 — Name-Based (SHA-1)

Generated from a namespace and a name using the SHA-1 hash algorithm. The same namespace plus name always produces the same UUID, making it deterministic.

UUID v4 vs Deterministic UUIDs

Use UUID v4 when you want a fresh random ID every time.

Use a deterministic UUID version, such as v5, when the same input should always map to the same identifier. That can be useful for migrations, imports, namespace-based references, or deduplicating known names.

Do not use deterministic UUIDs when unpredictability matters. If the input is guessable, the output can be reproduced.

Generating UUIDs in Different Languages

LanguageMethod
JavaScript (browser)crypto.randomUUID()
Node.jsrequire(‘uuid’).v4()
Pythonimport uuid; uuid.uuid4()
JavaUUID.randomUUID()
Gouuid.New() from github.com/google/uuid
C#Guid.NewGuid()
RubySecureRandom.uuid
Shellcat /proc/sys/kernel/random/uuid

UUIDs vs Other ID Strategies

StrategyProsCons
Auto-increment integerSimple, fast, orderedPredictable, not distributed-safe
UUID v4Globally unique, no coordinationLarger (36 chars), not sortable by time
UUID v1Time-sortable, uniqueExposes timestamp and MAC address
ULIDTime-sortable and uniqueNewer standard, less tooling
SnowflakeTime-sortable and distributedRequires worker ID coordination

UUIDs Are Identifiers, Not Secrets

UUIDs are often safe to expose as public object IDs, but they should not be treated as access control.

For example:

/files/550e8400-e29b-41d4-a716-446655440000

The UUID can identify the file. The application still needs to check whether the current user is allowed to view it.

If a value grants access by itself, use a properly generated secret token and expiration rules rather than a normal UUID.

Best Practices

  1. Use UUID v4 for most cases. It is the simplest and most widely supported.
  2. Use a proper library for production. Built-in random number generators may not provide sufficient entropy.
  3. Index UUIDs carefully in databases. Random UUIDs cause index fragmentation. Consider UUID v7 (time-ordered) or ULID for primary keys.
  4. Store as binary instead of string in MySQL to save space.

Database Considerations

UUID strings are larger than integer IDs. That does not make them bad, but it does affect storage, indexes, and readability.

For database-heavy systems, consider:

  • whether the UUID is the primary key or a public external ID
  • whether the database supports native UUID types
  • whether random inserts affect index locality
  • whether time-ordered IDs would help write performance
  • whether logs and support tools need shorter human-readable references

Many applications use both: an internal numeric key for storage and a public UUID for external references.

Generate UUIDs Instantly

Use our free UUID Generator to generate RFC 4122 compliant UUID v4 identifiers. You can bulk generate up to 100 UUIDs at once. Everything runs in your browser with no data sent to any server.

Conclusion

UUIDs are the standard for generating unique identifiers in distributed systems. For most applications, UUID v4 is the right choice. It is simple, universally supported, and practically collision-free.

Keep going

Related tools and guides

All tools