What Is a UUID? Complete Guide

Definition of UUID

UUID (Universally Unique Identifier) is a 128-bit (16-byte) numeric identifier designed to generate globally unique IDs without requiring a central coordinating authority. It is typically represented as hyphen-separated hexadecimal: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx — 32 hexadecimal characters + 4 hyphens = 36 total characters.

A typical UUID example:

550e8400-e29b-41d4-a716-446655440000

Historical Background of UUID

UUID was developed by Apollo Computer in the early 1980s, originally for identifying network objects in distributed computing environments (Apollo Network Computing System). It was later incorporated by the Open Software Foundation (OSF) into the DCE (Distributed Computing Environment) specification, and ultimately became an IETF internet standard as RFC 4122. Microsoft popularized it as GUID (Globally Unique Identifier), essentially identical to UUID.

UUID Structure

UUID consists of five groups:

• Group 1 (8 hex chars = 32 bits): version-related data
• Group 2 (4 chars = 16 bits): version-related data
• Group 3 (4 chars = 16 bits): high 4 bits = version number (1–5), low 12 bits = data
• Group 4 (4 chars = 16 bits): high 2–3 bits = variant identifier, low bits = clock sequence
• Group 5 (12 chars = 48 bits): node identifier (usually MAC address or random number)

UUID Versions

RFC 4122 defined 5 UUID versions; the 2022 new RFC (RFC 9562) added versions 6, 7, and 8:

• Version 1: based on timestamp and MAC address
• Version 2: DCE Security UUID (rarely used in practice)
• Version 3: namespace UUID based on MD5 hash
• Version 4: completely random (most commonly used)
• Version 5: namespace UUID based on SHA-1 hash
• Version 7 (new): sortable random UUID based on Unix millisecond timestamp

Primary Uses of UUID

UUID is widely used in software development for: database primary keys (avoiding predictable sequential auto-increment ID issues); unique ID generation across nodes in distributed systems (no global lock needed); API request tracing IDs (request_id); file naming or resource naming (avoiding conflicts); session IDs and tokens (but use cryptographically secure random number generation for stronger security needs); log correlation identifiers.

UUID Pros and Cons

Pros: global uniqueness (extremely low collision probability); no central coordinating authority needed; suitable for distributed systems; does not leak sequence information (version 4); standardized format with good cross-language, cross-platform support. Cons: 36 characters is much longer than integer IDs with higher storage and transmission overhead; random UUID B-tree index performance is poor (frequent page splits); poor readability, not intuitive for manual debugging; version 1 exposes MAC address posing privacy risk.

When to Use and Not Use UUID

Scenarios where UUID is recommended: distributed systems and microservices; needing to generate IDs on the client side (without depending on a server); needing to avoid exposing ID sequence (like order numbers that should not be predictable). Scenarios where UUID is not recommended: small single-machine applications (auto-increment IDs are simpler and more efficient); high-write scenarios with extreme sensitivity to database index performance (consider UUID v7 or ULID instead); scenarios requiring human-friendly IDs (like short links, invite codes).