What is a UUID and when should I use it?

A UUID (Universally Unique Identifier) is a 128-bit identifier formatted as 8-4-4-4-12 hexadecimal characters. Use UUIDs as database primary keys, unique record identifiers, or anywhere you need a globally unique ID that can be generated without a central authority.

Can two UUID v4 values be identical?

In theory yes, but in practice no. UUID v4 has 122 bits of randomness, giving approximately 5.3 undecillion possible values. The probability of generating a duplicate is so astronomically low that it is considered impossible for any practical application.

When should I use a UUID versus a random token?

Use UUID v4 when you need a standard, universally recognized unique identifier — for database IDs, distributed systems, and APIs that expect UUID format. Use random alphanumeric or hex tokens for API keys, session tokens, and secrets where format flexibility matters more than UUID compliance.

Home › Security › UUID & Token Generator

Free UUID v4 Generator & Random Token Generator Online

Generate cryptographically random UUID v4 identifiers, alphanumeric tokens, and hex strings. Instant, browser-based, no login.

—

Our UUID generator creates RFC 4122 compliant UUID v4 identifiers, random alphanumeric tokens, and hexadecimal strings — all using the Web Crypto API for maximum entropy. Whether you need a database primary key, an API key, a session token, or a secret string, this tool generates cryptographically strong random values instantly in your browser. No data is transmitted anywhere.

What Is a UUID?

A UUID (Universally Unique Identifier) is a 128-bit identifier standardized in RFC 4122 and formatted as 32 hexadecimal characters separated by hyphens in the pattern xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx. For example: 550e8400-e29b-41d4-a716-446655440000.

UUID v4 — the type generated here — is entirely random except for two fixed bits that identify the version and variant. With 122 bits of randomness, UUID v4 has approximately 5.3 undecillion (5.3 × 10³⁶) possible values, making the probability of a collision effectively zero for any real-world application.

UUIDs can be generated independently on any device without coordination between systems. This makes them ideal for distributed databases, microservices, and any scenario where a central ID-issuing authority would create a bottleneck.

UUID v4 vs Alphanumeric Token vs Hex String

UUID v4

Standard format: xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx. Use when systems or APIs expect UUID format, for database primary keys, or distributed system identifiers. RFC 4122 compliant.

Alphanumeric Token

Characters A–Z, a–z, 0–9. Custom length (4–256). Higher information density per character than hex. Good for API keys, invite codes, and user-facing tokens where readability matters.

Hexadecimal String

Characters 0–9, a–f. Custom length. Standard output format for cryptographic operations. Ideal for hash salts, secret keys, and any context where hex format is expected.

Common Use Cases

🗃️ Database Primary Keys

Use UUID v4 as primary keys in PostgreSQL, MySQL, or MongoDB. Unlike auto-increment integers, UUIDs don't expose record counts and work seamlessly in distributed databases.

🔑 API Keys

Generate 32-character alphanumeric tokens for API authentication. The character set gives more entropy per character than UUID, resulting in a more compact but equally secure key.

🍪 Session Tokens

Generate 32–64 character tokens for user session identifiers in web applications. Store only the hash of the token in your database for additional security.

🔐 JWT Secrets

Generate a 64-character hex string for signing JWT tokens. The 256 bits of randomness provide the security margin required for production JWT signing keys.

🎟️ Invite & Coupon Codes

Generate 8–12 character alphanumeric tokens for invite links, coupon codes, or verification tokens. Alphanumeric format is easier for users to transcribe than UUID.

📊 Event Tracking IDs

Assign a UUID to each analytics event for deduplication and tracking across distributed logging systems. UUID format is supported natively by most analytics platforms.

Frequently Asked Questions

What is the difference between UUID and GUID?

UUID and GUID (Globally Unique Identifier) are essentially the same thing. GUID is Microsoft's term and implementation of the UUID standard (RFC 4122). Both use the same format and are completely interchangeable in most contexts. Windows systems typically use GUID terminology while Unix and web systems use UUID.

Can two UUID v4 values ever be identical?

In theory yes, but in practice no. UUID v4 has 122 bits of randomness, producing approximately 5.3 undecillion possible values. To have a 50% probability of a collision, you would need to generate 2.7 quintillion UUIDs. For comparison, the entire internet generates only a few billion UUIDs per day. Collisions are not a practical concern.

What is the best way to store UUID in a database?

PostgreSQL has a native UUID type that stores it as 16 bytes — the most efficient option. MySQL can use BINARY(16) for efficiency or VARCHAR(36) for readability. MongoDB accepts UUID natively. Avoid storing UUIDs as TEXT or VARCHAR(36) in performance-critical tables due to indexing overhead compared to binary storage.

Is UUID v4 cryptographically secure?

Yes, when generated using a cryptographically secure random number generator (CSPRNG). This tool uses the Web Crypto API's crypto.getRandomValues() which is a CSPRNG — the same randomness source used by operating systems for security-critical operations. Not all UUID generators use a CSPRNG, so the source of randomness matters.

What is the difference between UUID v4 and UUID v7?

UUID v4 is entirely random, making it unordered. UUID v7 (a newer standard) incorporates a millisecond timestamp prefix, making it sortable by creation time. This makes UUID v7 better for database primary keys where insertion order matters for index performance. UUID v4 is better when you want no information encoded in the identifier itself.