UUID Generator

Generate one or many RFC 4122 version 4 UUIDs using the browser's cryptographic random source.

How many?

UppercaseWithout hyphens

About UUID v4

A UUID — Universally Unique Identifier, also called GUID on Microsoft platforms — is a 128-bit value used as an identifier in distributed systems where coordination would be too expensive. The format is standardised by RFC 4122 and renders as 32 hexadecimal digits in the canonical form 8-4-4-4-12 separated by hyphens, for example 550e8400-e29b-41d4-a716-446655440000.

Version 4 UUIDs are generated almost entirely from random bytes. Six bits are reserved to declare the version (4) and the variant (RFC 4122), leaving 122 bits of randomness — enough that the probability of collision is negligible until you have generated about 2.71 quintillion of them. This generator uses crypto.randomUUID(), which delegates to the operating system's CSPRNG, so the values are suitable for security-sensitive use cases such as session tokens or one-time links.

Use cases

Create primary keys for database rows when you need to generate the ID before inserting.
Tag log lines or trace spans so you can correlate events across services.
Generate idempotency keys for non-idempotent HTTP requests.
Build invitation links or reset tokens that should be unguessable.
Assign stable IDs to React list items that have no natural primary key.

Best practices

Store UUIDs as 16-byte BINARY in MySQL or as the native UUID type in PostgreSQL — not as 36-character VARCHAR — to save space.
Use UUIDv7 (time-ordered) when you need both uniqueness and good database index locality.
Avoid embedding sensitive information in a UUID; treat it as opaque.
Do not use UUIDs as a substitute for proper authorisation — knowing an ID is not the same as being allowed to access the resource.

Frequently asked questions

Are these UUIDs safe to use as security tokens?

Yes for moderate-security purposes. crypto.randomUUID() uses the operating system's cryptographically secure random source. For very long-lived secrets prefer a longer random string.

What is the chance of a collision?

Negligible. With 122 random bits you would need to generate roughly 2.71 quintillion UUIDs to have a 50% chance of any collision.

Why version 4 specifically?

Version 4 is fully random and requires no coordination, MAC address, or clock state. It is the default choice in most modern libraries.

How is UUIDv4 different from UUIDv7?

UUIDv7 embeds a millisecond timestamp in the high bits, giving lexicographic ordering and friendlier database index behaviour. UUIDv4 is fully random with no temporal information.