UUID & GUID Generator
Bulk-generate v1, v4, and v7 UUIDs with custom formatting β no server, no tracking.
UUID vs GUID: Same Thing, Different Name Tags
Before anything else β UUID and GUID are the same concept. UUID stands for Universally Unique Identifier, GUID stands for Globally Unique Identifier. Microsoft popularized "GUID" in their COM and .NET ecosystems, while the rest of the world (IETF RFC 4122 and the newer RFC 9562) uses "UUID." Under the hood, both are 128-bit identifiers typically written as 32 hex characters separated by hyphens in the pattern xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx. The naming is tribalism, not technical distinction.
Why UUID Versions Actually Matter
There are now seven official UUID versions, but three of them do the heavy lifting in real production systems. Understanding when to reach for each one saves you from subtle bugs and performance problems that won't bite you until your database has ten million rows.
1. Version 1 β The Time Traveler
UUID v1 embeds a 60-bit timestamp measured in 100-nanosecond intervals since October 15, 1582 β the adoption date of the Gregorian calendar. It also includes a clock sequence counter and a 48-bit node identifier, originally meant to be a MAC address.
The big selling point: v1 UUIDs are monotonically increasing within a single machine, which makes B-tree indexes happy. The big problem: if you use an actual MAC address for the node field, you're leaking hardware identity into every generated ID. Modern implementations randomize the node field, which sacrifices some monotonicity guarantees but preserves privacy. Another wrinkle β v1 scrambles the timestamp bytes across the fields in a non-intuitive order (low bits first), meaning the IDs don't sort chronologically out of the box.
Use v1 when: you need a rough timestamp baked into the ID and you're not on a distributed system with many concurrent generators.
2. Version 4 β The Crowd Favorite
UUID v4 is 122 bits of pure randomness with 6 bits reserved for version and variant markers. There's no timestamp, no node, no structure β just entropy. This makes it completely opaque, which is often a feature rather than a bug. An attacker looking at your user IDs can't infer when accounts were created or how many exist.
The collision probability is so low it's practically theoretical. With 2^122 possible values (~5.3 Γ 10^36), you'd need to generate about 2.7 Γ 10^18 UUIDs before hitting a 50% collision probability. For comparison, that's roughly 103 years of UUID generation at a rate of one billion per second.
The downside: random IDs cause page splits in clustered indexes (like InnoDB's primary key), fragmenting your database over time. If you're inserting millions of rows, this matters. If you're inserting thousands, it probably doesn't.
Use v4 when: you want the simplest, most private, most portable UUID and don't need database-friendly insertion order.
3. Version 7 β The Modern Default
UUID v7, introduced in RFC 9562 (2024), fixes the ordering problem that v4 has without the privacy issue that v1 has. It packs a 48-bit Unix timestamp in milliseconds into the most significant bits, followed by 74 bits of randomness. Because the timestamp comes first and uses the standard Unix epoch, v7 UUIDs sort chronologically β both lexicographically and numerically.
This is a genuinely big deal for databases. Sorted inserts mean far fewer page splits. You get the simplicity of random IDs with the database performance of sequential IDs. v7 also works cleanly across distributed systems because each node generates IDs independently, and they still sort correctly by creation time across nodes (within millisecond resolution).
Use v7 when: you're building a new system, you want modern best practices, and you care about database index performance.
4. Formatting Options β They're Not Just Cosmetic
The standard UUID format with lowercase and hyphens is what RFC 9562 specifies, but every system seems to have its own preference. Here's what each formatting option actually changes and why you'd want it:
- Uppercase: Microsoft's .NET
Guid.ToString("D")returns uppercase by default. SQL Server stores GUIDs in a mixed-case format internally but displays them uppercase. If you're integrating with Windows-ecosystem tools, uppercase is often the expected format. - Remove hyphens: Useful when storing UUIDs in databases as
CHAR(32)instead ofCHAR(36), saving 4 bytes per row. Also handy for URL slugs where hyphens might cause parsing ambiguity. MongoDB ObjectIDs and some AWS resource identifiers follow this no-hyphen convention. - Curly braces: The Windows Registry and COM interfaces represent GUIDs with curly braces:
{550e8400-e29b-41d4-a716-446655440000}. If you're writing Windows automation scripts, COM interop code, or editing .reg files, this is the format you need. - Quoted: Ready-to-paste into JSON, JavaScript string literals, Python dictionaries, or SQL INSERT statements without extra editing.
5. Bulk Generation β When You Actually Need Hundreds
Individual UUID generation is fine for testing one endpoint. But several real scenarios demand batches:
Database seeding: Pre-generating primary keys before inserting rows lets you build your object graph in memory and insert everything without round-trips to get auto-incremented IDs back.
Test data fixtures: Test suites that need stable, reproducible IDs often pre-generate a batch and commit them to a fixtures file.
Configuration files: Kubernetes manifests, Terraform configs, and Azure ARM templates all use GUIDs for resource identifiers. When scaffolding infrastructure from templates, you need fresh UUIDs for each environment.
API mocking: Building a mock API that needs to return realistic-looking resource IDs? Generate 50 or 100 at once and drop them into your mock data.
6. Client-Side vs Server-Side Generation
A common question: should you generate UUIDs on the client (browser/app) or on the server? Both are valid, and the answer depends on your architecture.
Client-side generation (like this tool does) means the client owns the ID before the server ever sees the request. This enables optimistic UI updates β you can display the new resource immediately without waiting for a server round-trip. It also simplifies idempotent APIs: a client that retries a failed request uses the same UUID, and the server just ignores the duplicate.
Server-side generation gives you centralized control, audit logging, and the ability to enforce sequential IDs if you're using v1 or v7 with a single authoritative source. The tradeoff is a mandatory round-trip before you can reference the new resource.
v7 UUIDs work particularly well with client-side generation because even if many clients are generating IDs simultaneously, the IDs still sort in roughly chronological order by creation time.
7. Common Mistakes to Avoid
A few patterns that trip people up:
Storing UUIDs as strings when your DB supports a native type: PostgreSQL has a uuid type that stores 16 bytes. Storing as VARCHAR(36) wastes space and slows comparisons. MySQL 8+ has similar support. Always prefer native UUID types.
Using v4 as a primary key in MySQL with InnoDB: InnoDB clusters rows by primary key. Random v4 UUIDs cause write amplification and index fragmentation at scale. Either use v7 (which is ordered), or use a surrogate integer PK with UUID as a secondary unique column.
Assuming UUIDs are secret: They're identifiers, not tokens. A UUID in a URL path (/users/550e8400-e29b-...) is guessable in the same way an integer ID is guessable β which is to say, very hard but not impossible with brute force. If you need unforgeable resource tokens, layer actual authentication on top of your UUID-based routes.
Manually crafting UUID strings: Hand-typed UUIDs in config files are a reliable source of typos and formatting errors. Always generate them programmatically, even if you only need one.