What Is a UUID? Unique Identifiers Explained

A UUID (Universally Unique Identifier) is a 128-bit identifier guaranteed to be unique without central coordination. Learn what UUIDs are, how they're structured, which version to use, and why they matter for distributed systems.

UUID Explained Simply

A UUID is a 128-bit number formatted as 32 hex digits in five groups: xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx. The M digit indicates the version (1–7) and N encodes the variant. UUIDs are designed so that any two independently generated UUIDs will almost certainly be different, without needing a central authority to assign them.

  • Format: 8-4-4-4-12 hex characters, separated by hyphens, e.g., 550e8400-e29b-41d4-a716-446655440000
  • 128 bits: 2¹²⁸ possible values, about 340 undecillion unique IDs
  • No coordination needed: Any system can generate a UUID independently and rely on its uniqueness
  • RFC 4122 standard: Defined by an IETF standard with multiple versions for different use cases

UUID Versions and When to Use Each

  • UUID v1 (time-based): Encodes the current timestamp and MAC address. Sortable by creation time but leaks machine identity. Avoid for public-facing IDs
  • UUID v3 (name-based, MD5): Deterministic: the same name + namespace always produces the same UUID. Useful for generating consistent IDs for the same resource across systems
  • UUID v4 (random): 122 bits of cryptographic randomness, with no timestamp and no machine info. The default choice for most use cases: database keys, session tokens, API identifiers
  • UUID v5 (name-based, SHA-1): Like v3 but uses SHA-1 instead of MD5; preferred over v3 for new implementations
  • UUID v7 (time-ordered random): New standard combining timestamp prefix with randomness. Time-sortable like v1 without the privacy issues, and index-friendly in databases. Best choice for new database primary keys
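
To audit what identifiers already in use disclose, the version and variant digits can be read back and the embedded fields decoded. The Python sketch below is an added example, not part of the original page; the function name inspect_uuid, the result keys and the node value 0x001122334455 are made up for illustration.

```python
import uuid
from datetime import datetime, timedelta, timezone

# 100-ns ticks between the Gregorian epoch (1582-10-15) and the Unix epoch
GREGORIAN_TO_UNIX = 0x01B21DD213814000
UNIX_EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def _utc(microseconds):
    """Convert microseconds since the Unix epoch to UTC; None if out of range."""
    try:
        return UNIX_EPOCH + timedelta(microseconds=microseconds)
    except OverflowError:
        return None


def inspect_uuid(text):
    """Report the version, variant and any metadata a UUID string discloses."""
    u = uuid.UUID(text)  # raises ValueError on malformed input
    info = {"version": u.version, "variant": u.variant, "leaks": []}
    if u.variant != uuid.RFC_4122:
        return info  # the version digit is only defined for the RFC 4122 variant
    if u.version == 1:
        # v1: 60-bit count of 100-ns ticks, split across three fields
        ticks = ((u.time_hi_version & 0x0FFF) << 48) | (u.time_mid << 32) | u.time_low
        info["created"] = _utc((ticks - GREGORIAN_TO_UNIX) // 10)
        info["leaks"].append("creation time")
        # A set multicast bit marks a random node ID rather than a NIC address
        if not (u.node >> 40) & 0x01:
            info["node"] = ":".join(f"{b:02x}" for b in u.node.to_bytes(6, "big"))
            info["leaks"].append("MAC address")
    elif u.version == 7:
        # v7: the top 48 bits are Unix time in milliseconds
        info["created"] = _utc((u.int >> 80) * 1000)
        info["leaks"].append("creation time")
    return info


if __name__ == "__main__":
    samples = [
        "550e8400-e29b-41d4-a716-446655440000",  # the example UUID from this page
        str(uuid.uuid1(node=0x001122334455)),    # constructed: made-up node value
        str(uuid.uuid4()),
    ]
    for s in samples:
        print(s, inspect_uuid(s))
```

Running it over a sample of IDs exposed in URLs or API responses shows which ones carry a recoverable timestamp or node address.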

UUID vs. Sequential IDs

  • Sequential IDs (1, 2, 3...): Predictable, compact, index-friendly, but require a central counter, which makes them hard to generate independently in distributed systems
  • UUIDs: No central coordination, globally unique across systems and databases, but random v4 UUIDs fragment B-tree indexes (use v7 to fix this)
  • Security benefit: Sequential IDs reveal record count and allow enumeration (/users/1, /users/2...). UUIDs are opaque: you can't guess another valid ID
  • Storage: UUID as a string is 36 bytes; as binary(16) is 16 bytes. Store as binary in MySQL for efficiency; PostgreSQL has a native uuid type

Frequently Asked Questions

Can two UUIDs ever be the same?

Theoretically yes, practically no. UUID v4 has 122 random bits: 2¹²² ≈ 5.3 × 10³⁶ possible values. To have a 50% chance of a collision you'd need to generate about 2.7 × 10¹⁸ UUIDs. At a rate of one billion UUIDs per second, reaching that threshold would take 85 years. For all practical purposes, UUID v4 collisions don't occur. UUID v1 relies on a unique MAC address + monotonic clock, which can theoretically collide if MAC addresses are spoofed or clocks reset, but this is also negligible in practice.

Is a UUID the same as a GUID?

Yes. GUID (Globally Unique Identifier) is Microsoft's name for the same concept. Both follow RFC 4122 and produce identical xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx format identifiers. The term GUID is used in Windows/.NET contexts; UUID is used everywhere else. They are completely interchangeable.

How do I generate a UUID in code?

  • JavaScript/Node.js: crypto.randomUUID() (built-in, no library needed)
  • Python: import uuid; str(uuid.uuid4())
  • Go: github.com/google/uuid package, uuid.New().String()
  • Java: UUID.randomUUID().toString()
  • PHP: Str::uuid() (Laravel) or ramsey/uuid package
  • Ruby: SecureRandom.uuid
  • PostgreSQL: gen_random_uuid()