A UUID (Universally Unique Identifier) is a 128-bit number used to uniquely identify something — a database record, a file, a session, a device — without requiring central coordination. Two systems can each generate a UUID completely independently and the chance they produce the same value is astronomically small.
What a UUID looks like
UUIDs are displayed as 32 hexadecimal digits split into five groups by hyphens:
The format is always 8-4-4-4-12 characters. The total length is always 36 characters including hyphens, or 32 hex characters without them. The third group contains a version digit — the 4 in 41d4 above indicates UUID version 4.
UUID versions — what is the difference?
There are five UUID versions (v1–v5), each using a different generation strategy. You will mostly encounter v1 and v4 in practice:
| Version | How it is generated | Use when |
|---|---|---|
| v1 | Current timestamp + MAC address of the machine | You want IDs that sort chronologically or need to trace which machine generated them |
| v3 | MD5 hash of a namespace + name | You need deterministic IDs from a name (same input always produces same UUID) |
| v4 | Randomly generated (122 random bits) | Most use cases — fast, simple, no coordination needed, no information leakage |
| v5 | SHA-1 hash of a namespace + name | Same as v3 but with a stronger hash function |
UUID v4 is what most developers use. It is purely random, requires no knowledge of the machine or timestamp, and contains no identifiable information about when or where it was created.
UUID vs auto-increment: when to use which
Auto-increment integers (1, 2, 3…) are the default primary key in most databases. They are compact, fast to index, and easy to read. So why use UUIDs?
- Distributed systems — when multiple servers insert records simultaneously, auto-increment IDs require a central counter. UUIDs can be generated independently on any machine without coordination.
- Merging databases — merging two tables with auto-increment IDs causes collisions. UUIDs are collision-free by design.
- Security — sequential IDs like
/user/1234reveal how many users you have and make it easy to enumerate records. A UUID-based URL leaks nothing. - Client-side generation — the client can generate the ID before the server creates the record, enabling optimistic UI updates.
The tradeoffs: UUIDs are larger (16 bytes vs 4 bytes for an integer), harder to type or remember, and random UUIDs (v4) fragment database index pages because insertions are non-sequential.
Generating UUIDs in code
- JavaScript:
crypto.randomUUID()(built into modern browsers and Node.js 14.17+) - Python:
import uuid; str(uuid.uuid4()) - PHP:
Str::uuid()in Laravel, or theramsey/uuidpackage - PostgreSQL:
gen_random_uuid() - MySQL:
UUID() - SQL Server:
NEWID()