Have you ever come across the cryptic term UUID or GUID in your software development and wondered what you’re actually supposed to do with it? Don’t worry – that’s exactly what this is about. So you’re in the right place.
What are UUIDs?
The term UUID comes from English and stands for Universally Unique Identifier. In the Microsoft or Windows world, you often come across the sibling acronym GUID (Globally Unique Identifier) – in the end, both mean the same thing: a universal, unique identifier. And it’s exactly this guaranteed uniqueness that makes UUIDs so interesting for developers.
UUIDs are typically represented in hex format, neatly divided into groups so the whole thing doesn’t look completely like a kitten crashing across the keyboard. An example? Something like this:
38b0a4ca-74c2-4d37-a556-5203eff5bff3
What are UUIDs used for?
That's clearly ...
Just as an employee ID uniquely identifies an employee, software systems also need unique identifiers for their data: addresses, orders, products, customers—the whole range. The simplest variant is a sequential number that increases with each new entry. In database terms, this is simply called an auto-increment ID. Record 1 gets the number 1, the next gets 2—easy.
Things only get complicated when you don’t just have one database anymore, but a distributed system with several servers that aren’t always perfectly in sync. Then it might happen that Server A assigns the customer number 1234—and Server B, which wasn’t paying attention for a moment, also generates a 1234 for a completely different customer. When the systems are synchronized later, you have a problem: duplicate IDs, conflicts, chaos.
And this is exactly where UUIDs come into play. A UUID consists of 128 bits full of (pseudo-)randomness—that makes about 1.7 × 10³⁸ possible combinations. Or in human terms: a number with so many zeros that you’ll need a coffee break while saying it out loud. The probability of two systems generating the same UUID by chance is practically zero. Even if you generate 100 UUIDs per second, you would—roughly—be busy well past the end of the universe before you ever run through all the variants.
In short: UUIDs are truly universally unique—perfect if you want to build global, distributed, or just rock-solid systems.
Providence did not foresee that.
UUIDs have a huge advantage: they are not predictable. And that is precisely what makes them so valuable in the daily business of web apps, APIs, and databases. Just imagine if every new database entry simply got the number “123, 124, 125 …”. A curious visitor could then easily guess which other IDs might exist—and in the worst case, access data that wasn’t meant for them.
With a UUID, it’s a different story. These cryptic-looking strings not only appear random, they truly are in the best possible way. You can’t guess which UUID will come next—and neither can an outsider. This means: even if someone knows the URL for a specific dataset, they can’t infer anything about other datasets from it.
For you as a developer and operator, this means a substantial security boost. UUIDs prevent “ID harvesting,” make automated data scraping more difficult, and ensure your endpoints don’t look like an open barn door. In short: they protect your users—and you—from someone simply flipping through the records like it’s a 1998 phone book.
