UUIDs 101: The Identifier You Keep Using But Don't Fully Understand

    December 12, 2023
    10 min read
    Long read
    Explainer
    uuid
    distributed-systems
    history

    If you've ever worked with APIs, databases, or distributed systems, you've seen UUIDs — those strange hyphenated strings like 3f0e5c44-bdf2-4eb7-95f0-0bbd0fc1f5a0.

    But what are they, really?

    This guide explains UUIDs from the ground up — what they are, why they matter, and how to use them effectively in modern software systems.

    🧠 What Is a UUID?

    UUID stands for Universally Unique Identifier. It’s a 128-bit value designed to be:

    • Globally unique
    • Unpredictable
    • Decentralized — no central coordination required

    They’re used to identify anything and everything: users, database rows, API keys, sessions, transactions, devices, etc.

    🔍 UUID Format

    A UUID looks like this:

    code
    550e8400-e29b-41d4-a716-446655440000

    It’s made up of 5 groups of hexadecimal digits:

    • 8 characters
    • 4 characters
    • 4 characters
    • 4 characters
    • 12 characters

    Total: 36 characters (including hyphens)

    Actual size: 128 bits (16 bytes)

    🧬 UUID Structure and Versions

    There are multiple versions of UUIDs, each with different use cases.

    VersionDescriptionProperties
    v1Time + MAC addressOrdered, traceable, privacy issues
    v3MD5 hash of name + NSDeterministic
    v4Random-basedFast, unpredictable, common
    v5SHA-1 hash of name + NSDeterministic, more secure than v3
    v7Timestamp + randomnessSortable + random (RFC 9562)
    v8Custom payloadDeveloper-defined structure

    Most Common:

    • UUIDv4: Random — great for IDs that need to be unique without coordination
    • UUIDv7: Time-sortable — ideal for logs, ordered data, distributed events

    ⚙️ How Are UUIDs Generated?

    Here’s how to generate UUIDs in common programming languages.

    Python

    python
    import uuid

uuid.uuid4()  # Random
uuid.uuid1()  # Time + MAC
uuid.uuid5(uuid.NAMESPACE_DNS, "example.com")  # Deterministic

    JavaScript (Node.js)

    js
    import { v4, v5 } from 'uuid';

v4(); // Random
v5('example.com', v5.DNS); // Namespace-based

    Go

    go
    import "github.com/google/uuid"

uuid.New()         // v4
uuid.NewMD5(...)   // v3
uuid.NewSHA1(...)  // v5

    Rust

    rust
    use uuid::Uuid;

Uuid::new_v4();
Uuid::new_v5(&Uuid::NAMESPACE_DNS, b"example.com");

    Bash (CLI)

    bash
    uuidgen            # Default to v1 or v4 depending on OS

    🗃️ Where Are UUIDs Used?

    • Database IDs: Especially in distributed or sharded systems
    • Session tokens: Where uniqueness and unpredictability matter
    • Object storage: Referencing blobs in cloud storage
    • API endpoints: Avoiding guessable user IDs in URLs
    • Microservices: For tracing requests end-to-end

    ✅ Why Use UUIDs?

    • No central coordination — each node can generate its own UUIDs
    • Low collision risk — 128-bit space = 3.4 x 10³⁸ possibilities
    • Easy to log/debug — self-contained, portable
    • Safe for distributed systems — works across regions, zones, instances

    ❌ When Not to Use UUIDs

    • When ordering matters: UUIDv4 is not sortable
    • When space matters: UUIDs are longer than ints (16 bytes vs 4 bytes)
    • When you need natural keys: UUIDs are opaque

    In those cases, consider alternatives like:

    • UUIDv7 (sortable)
    • ULID / KSUID (time-sortable + random)
    • Auto-increment integers (local-only systems)

    🧪 Fun Facts

    • The chance of a UUIDv4 collision is astronomically low. You could generate 1 billion UUIDs per second for 100 years and still be unlikely to see a duplicate.
    • UUIDv1 includes your MAC address (yikes for privacy).
    • UUIDv7 and v8 were standardized in 2024 under [RFC 9562](https://datatracker.ietf.org/doc/rfc9562/).

    ⚠️ Common Mistakes

    • Truncating UUIDs: Don’t do it. That breaks uniqueness guarantees.
    • Using UUIDs as sortable keys: Use UUIDv7, ULID, or add timestamps.
    • Storing as `VARCHAR(36)` in databases: Use BINARY(16) or native UUID types.
    • Mocking UUIDs in tests without randomness: Causes false collisions or flaky tests.

    🧠 Summary

    UUIDs are a powerful tool for building scalable, safe, distributed systems. By understanding how they’re structured and when to use them, you’ll make better design decisions — and avoid the classic pitfalls.

    Remember:

    • Use UUIDv4 for randomness
    • Use UUIDv7 for sortability
    • Avoid truncation
    • Don’t compare formats naively
    • Use the right storage type in your DB

    Final Thoughts

    You don’t have to be a systems architect to understand UUIDs — but every modern developer should know the basics.

    With great uniqueness comes great responsibility. 🔑

    Generate Your Own UUIDs

    Ready to put this knowledge into practice? Try our UUID generators:

    Generate a Single UUID

    Create a UUID with our fast, secure generator

    Bulk UUID Generator

    Need multiple UUIDs? Generate them in bulk

    Summary

    This beginner-friendly guide introduces the fundamentals of UUIDs — what they are, how they work, where they’re used, and how to generate them in various programming languages. A clear, practical starting point for understanding unique identifiers in distributed systems.

    TLDR;

    UUIDs (Universally Unique Identifiers) are 128-bit values used to uniquely identify things across space and time.

    Key concepts:

    • UUIDs are essential for ensuring unique IDs in distributed systems
    • There are multiple UUID versions — v1 (time), v4 (random), v5 (name-based), v7 (time+random), v8 (custom)
    • You can generate UUIDs easily in Python, JavaScript, Go, and more

    Whether you're building microservices, databases, or APIs, understanding UUIDs is a must-have skill for any backend or full-stack developer.

    Cookie Consent

    We use cookies to enhance your experience on our website. By accepting, you agree to the use of cookies in accordance with our Privacy Policy.