
UUIDs Explained: When to Use Them and How They Work

Learn what UUIDs are, the difference between versions, collision risk, and how to generate them safely for databases and APIs.


A UUID (Universally Unique Identifier) is a 128-bit label, usually written as xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Developers use UUIDs as primary keys, correlation IDs, and opaque tokens because they can be created without a central coordinator and still be extremely unlikely to collide.

Why not just use integers?

Auto-incrementing integers are simple and compact, but they leak information: competitors can guess how many orders you have, or scrape resources by iterating IDs. UUIDs are unguessable in practice and safe to expose in URLs and client-side code.

UUIDs are not a security feature by themselves. If you need authorization, still enforce it on the server.

Common UUID versions

Version   How it is generated                Typical use
v1        MAC address + timestamp            Legacy; avoid if you care about privacy
v4        Random bits                        Default choice for new systems
v5        SHA-1 hash of a namespace + name   Deterministic IDs from stable inputs

Most applications today use UUID v4 for primary keys. Some teams prefer ULIDs or Snowflake IDs for time-sortable strings; UUIDs remain the most widely supported.
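To see what the version table means for the IDs you already expose, the following added example (not code from this article's tools) reads the version nibble of a UUID and decodes what a v1 value reveals: its creation time and node (MAC) field. It also covers v7, the time-ordered version, which embeds a millisecond timestamp. The function names and the v7 sample value are constructed for illustration.

```javascript
// Added example: read the version of a UUID and decode the fields that
// v1 and v7 values expose to anyone who sees them.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// 100-ns ticks between the UUID epoch (1582-10-15) and the Unix epoch.
const GREGORIAN_OFFSET = 122192928000000000n;

function inspectUuid(text) {
  if (typeof text !== 'string' || !UUID_RE.test(text)) return { valid: false };
  const hex = text.replace(/-/g, '').toLowerCase();
  const version = parseInt(hex[12], 16);                 // high nibble of byte 6
  const rfcVariant = (parseInt(hex[16], 16) >> 2) === 2; // top bits of byte 8 are 10
  const info = { valid: true, version, rfcVariant, leaks: [] };
  if (!rfcVariant) return info;

  if (version === 1) {
    // Reassemble the 60-bit timestamp: time_hi | time_mid | time_low.
    const ticks = BigInt('0x' + hex.slice(13, 16) + hex.slice(8, 12) + hex.slice(0, 8));
    const unixMs = Number((ticks - GREGORIAN_OFFSET) / 10000n);
    info.createdAt = new Date(unixMs).toISOString();
    info.node = hex.slice(20).match(/../g).join(':');    // typically the host MAC
    info.leaks.push('creation time', 'node (MAC address)');
  } else if (version === 7) {
    // The first 48 bits are a Unix timestamp in milliseconds.
    info.createdAt = new Date(parseInt(hex.slice(0, 12), 16)).toISOString();
    info.leaks.push('creation time');
  }
  return info;
}

// Return only the IDs that reveal something beyond their own value.
function findLeakyIds(ids) {
  return ids.map((id) => ({ id, ...inspectUuid(id) }))
            .filter((r) => r.valid && r.leaks.length > 0);
}

// Sample inputs: the RFC 4122 DNS namespace UUID (a v1 value), the v4 value
// shown in this article, and a constructed v7 value.
const SAMPLES = [
  '6ba7b810-9dad-11d1-80b4-00c04fd430c8',
  '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d',
  '018bcfe5-6800-7a1b-8c2d-3e4f5a6b7c8d',
];
for (const r of findLeakyIds(SAMPLES)) {
  console.log(r.id, 'v' + r.version, r.createdAt, r.node ?? '', r.leaks.join(', '));
}
```

Running a check like this over IDs that appear in URLs or API responses shows whether any v1 values are still being issued.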

Collision probability

With v4, the chance of a collision is astronomically low until you generate billions of IDs per second. For normal web apps, treating collisions as impossible is reasonable—as long as your random source is cryptographically strong (use the OS or language CSPRNG, not Math.random() for security-sensitive IDs).

// Browser: prefer crypto.randomUUID() when available
const id = crypto.randomUUID();
console.log(id); // e.g. 9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d

Practical tips

  • Database indexes: Random UUIDs fragment B-tree indexes more than sequential IDs. PostgreSQL’s gen_random_uuid(), UUID v7 (time-ordered), or COMB-style tricks can help if insert performance matters at huge scale.
  • Logs and tracing: Use a UUID per request as a correlation ID so you can grep logs across services.
  • Testing: Generate fresh UUIDs in fixtures so tests do not depend on fixed values unless you need reproducibility (then v5 or a seeded generator may fit).

Try it in the browser

Use our free UUID Generator to create v4-style identifiers instantly—no signup, and everything runs locally in your tab.

For related workflows, you might also like the Hash Generator for checksums and the JWT Decoder when debugging tokens that often sit next to UUIDs in APIs.