UUID Guide — Universal Unique Identifiers Explained
A UUID (Universally Unique Identifier) is a 128-bit identifier designed to be unique across space and time without requiring a central registration authority. They are everywhere in modern software — as database primary keys, API resource identifiers, session tokens, and transaction IDs. Use our free UUID Generator to create UUIDs instantly.
UUID Format
A UUID is a 36-character string (32 hex digits + 4 hyphens), formatted as 8-4-4-4-12:
550e8400-e29b-41d4-a716-446655440000 │ │ │ │ │ │ │ │ │ │ │ └── 12 hex digits (node/random) │ │ │ │ └── 4 hex digits (variant) │ │ │ └── 4 hex digits (clock sequence/random) │ │ └── 4 hex digits (version) │ └── 8 hex digits (time_low/random) └── 8 hex digits (time_low/random)
The version digit (in the 13th character position) indicates which UUID generation method was used. The variant digit (in the 17th character position) indicates the UUID specification variant.
UUID Versions Compared
| Version | Generation Method | Sortable? | Best For |
|---|---|---|---|
| v1 | Timestamp + MAC address + clock sequence | Yes (time-based) | Sequential IDs, but exposes MAC address (privacy risk) |
| v4 | Random (cryptographic) | No (random) | General purpose — most widely used, no privacy concerns |
| v5 | SHA-1 hash + namespace | No (hash-based) | Deterministic UUIDs from a name within a namespace |
| v7 | Timestamp + random (RFC 9562) | Yes (time-ordered) | Database-primary-key-friendly — sortable within a time window |
UUID v4: The Most Common Choice
UUID v4 uses 122 bits of random data (6 bits are reserved for version/variant flags) generated from a cryptographically secure random number generator. The chance of collision is so astronomically low that it can be ignored in practice — you'd need to generate billions of UUIDs per second for centuries to have a 50% probability of a single collision. This makes v4 ideal for most applications without a central coordination service.
UUID v7: The Database-Friendly Choice
UUID v7 (defined in RFC 9562, published in 2024) combines a 48-bit Unix timestamp (millisecond precision) with 74 bits of random data. This makes UUIDs time-sortable — they are ordered by creation time, which dramatically improves B-tree index performance in databases. This solves the biggest complaint about UUID v4: poor index locality in database tables.
// UUID v7 structure // 018f3a6e-1b23-7f00-b000-123456789abc // _______/ __/ _/ _/ __________/ // 48-bit 4 12 2 62 random // timestamp ver ts var (74 bits // (7) rand random) // (reserved bits counted)
UUID as Database Primary Key
Using UUIDs as database primary keys has tradeoffs compared to auto-increment integers:
Advantages
- • Unique across tables, databases, and systems
- • No collision risk when merging databases
- • Cannot be enumerated (security through obscurity)
- • Generated client-side without DB round-trip
- • Works well in distributed/microservice systems
Disadvantages
- • 16 bytes vs 4-8 bytes for integers
- • UUID v4 causes index fragmentation (B-tree page splits)
- • Slower index lookups due to size and randomness
- • Harder to debug and query manually
- • UUID v7 solves the index issue but is newer
UUID vs GUID: What's the Difference?
UUID and GUID (Globally Unique Identifier) are functionally identical. GUID is Microsoft's implementation of the UUID standard (RFC 4122). The terms are used interchangeably in most contexts. Some GUIDs use a mixed-endian byte order for certain fields, which can cause interoperability issues between different implementations — but modern GUID generators follow the standard UUID layout.
Frequently Asked Questions
Can two UUIDs ever collide?
The probability of a UUID v4 collision is about 1 in 5.3×10³⁶ (or 1 in 2^122). For perspective, you'd need to generate 1 billion UUIDs per second for 85 years to reach a 50% collision probability.
Should I use UUID v4 or v7 in 2026?
For new projects, use UUID v7 if your database supports it (PostgreSQL, MySQL 8.0+, SQL Server). It provides better index performance. Use v4 for simplicity and maximum compatibility.
Can I use UUIDs in URLs?
Yes. UUIDs are URL-safe (only hex characters and hyphens). They make clean, readable API endpoints like /api/users/550e8400-e29b-41d4-a716-446655440000.
How do I validate a UUID?
Check the format: 8-4-4-4-12 hex digits (32 hex characters + 4 hyphens = 36 characters). Our UUID Validator tool does this automatically.
Is UUID generation cryptographically secure?
UUID v4 from our generator uses crypto.randomUUID() (Web Crypto API), which is cryptographically secure. UUIDs can be used for session tokens and non-critical security identifiers.