What Is a UUID v4, and When Should You Use One?
UUIDs show up everywhere in software: database keys, session IDs, request tracing. Here's what version 4 actually means and when to reach for one.
What a UUID actually is
A UUID (Universally Unique Identifier) is a 128-bit value, usually written as 32 hex characters split by dashes: f47ac10b-58cc-4372-a567-0e02b2c3d479. The point isn't the format but the guarantee: generate enough of them, and the odds of two colliding are astronomically small, without needing a central authority to hand them out.
Why "v4" specifically
UUIDs come in several versions, each with a different generation strategy:
- v1: based on timestamp and the generating machine's network address, which leaks information about when and where it was created.
- v4: generated almost entirely from random bits. No timestamp, no machine identifier, no pattern to reverse-engineer.
- v7: a newer version that's time-sortable (useful for database indexes) while still being mostly random.
v4 is the default choice for most applications precisely because it leaks nothing about its origin: it's just 122 bits of randomness with a few fixed bits marking the version.
When you'd actually use one
- Database primary keys: especially in distributed systems, where auto-incrementing IDs require coordination across nodes and UUIDs don't.
- Session or request IDs: unique enough to trace a single request through logs without colliding with another request.
- Public-facing resource IDs: a UUID in a URL (/orders/f47ac10b...) doesn't reveal how many orders exist, unlike a sequential ID (/orders/4821).
Generating one safely
The UUID Generator creates v4 UUIDs using your browser's cryptographically secure random number generator (the same API used for generating encryption keys), entirely client-side.
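As an added example (not the UUID Generator's own code), this JavaScript builds a v4 UUID from the Web Crypto random source and reads back the timestamp and node address that a v1 UUID discloses. The function names, the constructed v1 sample and the Node fallback are assumptions made for illustration.

```javascript
// Added example. Web Crypto is a global in browsers and recent Node; the
// require() fallback is only evaluated on older Node versions.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Constructed v1 sample (not a real identifier): time fields plus a made-up node.
const SAMPLE_V1 = "b4cc8000-a838-11ee-8000-02005e100001";

// Build a version 4 UUID: 16 CSPRNG bytes, then overwrite the 6 fixed bits.
function uuidV4() {
  const b = rng.getRandomValues(new Uint8Array(16));
  b[6] = (b[6] & 0x0f) | 0x40; // high nibble of byte 6 = version 4
  b[8] = (b[8] & 0x3f) | 0x80; // top two bits of byte 8 = variant "10"
  const hex = Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");
  return [hex.slice(0, 8), hex.slice(8, 12), hex.slice(12, 16),
          hex.slice(16, 20), hex.slice(20)].join("-");
}

// Report what a UUID string discloses about how it was generated.
// Only the standard variant (first digit of group four in 8..b) is accepted.
function inspectUuid(text) {
  const m = /^([0-9a-f]{8})-([0-9a-f]{4})-([0-9a-f])([0-9a-f]{3})-([89ab][0-9a-f]{3})-([0-9a-f]{12})$/i.exec(text);
  if (!m) return { valid: false };
  const [, timeLow, timeMid, ver, timeHi, , node] = m;
  const info = { valid: true, version: parseInt(ver, 16) };
  if (info.version === 1) {
    // v1 stores a 60-bit count of 100 ns ticks since 1582-10-15 and a 48-bit node id.
    const ticks = BigInt("0x" + timeHi + timeMid + timeLow);
    const GREGORIAN_TO_UNIX_MS = 12219292800000n;
    info.createdAt = new Date(Number(ticks / 10000n - GREGORIAN_TO_UNIX_MS)).toISOString();
    info.node = node.match(/../g).join(":");
  }
  return info; // for v4 there is nothing further to recover
}

console.log(inspectUuid(SAMPLE_V1));
console.log(inspectUuid(uuidV4()));
```

Running `inspectUuid` over identifiers you already expose in URLs or logs is a quick way to confirm that none of them are v1.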
Generate a UUID: instant, free, no tracking of what you generate.