Choosing the right type of primary key for your database is a critical decision that can impact your application’s performance and security. While auto-increment primary keys have been a popular choice for a long time, UUIDs (Universally Unique Identifiers) have emerged as a better alternative. In this tutorial, we will delve into the advantages of using UUIDs over auto-increment primary keys. We will also explore how UUIDs can help you protect your users’ privacy, provide more flexibility to your front-end developers, and improve your application’s scalability.

Key Takeaways:

  • UUIDs provide a more secure way of generating unique identifiers as compared to auto-increment primary keys.
  • Using UUIDs can help protect your users’ privacy by making it impossible for outsiders to guess the ID of a specific record.
  • Frontend developers can benefit from the flexibility that UUIDs provide, allowing them to generate new records independently without overriding API calls.
  • UUIDs can help improve your application’s scalability by eliminating the need for synchronization among different servers or databases.

What are auto-increment primary keys?

Each time a new record is added to a table, the database engine generates a primary key automatically using the auto-increment feature. This unique number ensures that each record has a distinct identifier within the table. The database engine is responsible for maintaining the uniqueness of this key within the table.

The sample value looks like this:

What is UUID?

UUID, also referred to as GUID, is a primary key type that can be used as an alternative to auto-increment IDs in SQL databases. It is a 128-bit type that is compatible with the majority of GUID and UUID generators. A UUID is written as 32 lowercase hexadecimal digits, displayed in five groups separated by hyphens. The format is 8-4-4-4-12, for 36 characters in total: 32 hexadecimal digits and four hyphens. Version 4 UUIDs, the kind generated in the examples below, are random values that conform to this pre-defined format.

The sample value looks like this:

Install using npm

npm install uuid

Using ES6 Syntax:

import { v4 as uuidv4 } from 'uuid';

uuidv4(); // ⇨ '9b1deb4d-3b7d-4bad-9bdd-2b0d7b3dcb6d'

Using CommonJS Syntax:

const { v4: uuidv4 } = require('uuid');

uuidv4(); // ⇨ '1b9d6bcd-bbfd-4b2d-9b5d-ab8dfbbd4bed'

Disclosure of confidential information through URLs

If you have a RESTful application, it’s important to be aware that primary key values are often included in URLs and API network logs, making them publicly discoverable. Because sequential IDs make it possible to guess neighbouring identifiers, a user could access information that doesn’t belong to them by entering an ID before their own in the URL. A server should enforce permission checks, but if a check is missing or flawed, a request for a guessed ID can still hit the database and find the user based on that ID, which could result in unauthorized access. By switching to UUIDs like “45ED815C-WD1C-4011-8667-7158982951EA”, it becomes practically impossible to guess another user’s identifier. This is a major advantage, as it greatly enhances security and privacy.

By including IDs in URLs, end users can potentially discern the number of records present in the system

While it may not pose a significant risk for small companies, revealing this information to competitors can have a massive impact on the product. For instance, consider a scenario where there’s a User table in the database. When a new record is created, the server stores an incremented ID in the database. By knowing your user ID (e.g., 23134), it becomes possible to estimate the total number of users in the database. This underscores the importance of protecting sensitive information and avoiding potentially harmful data disclosures.

Empowering frontend developers with greater autonomy

Providing frontend developers with the freedom to generate new objects with UUID as primary keys allows them to create new records independently, without having to override API calls. By avoiding collisions with existing records in the database, this approach enables front-end developers to work more freely and flexibly.
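The two points above (IDs exposed in URLs, and IDs generated by the frontend) both depend on how the server treats an ID it receives. The following is an added example, not code from the original post: the `createStore`, `create` and `read` names are hypothetical, a `Map` stands in for the database table, and `sessionUserId` is assumed to come from an already authenticated session.

```javascript
// In-memory Map standing in for a database table (hypothetical store, added example).
const UUID_V4 = /^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i;

function createStore() {
  const rows = new Map(); // key: canonical lowercase UUID, value: { ownerId, data }

  // Accept a client-generated ID only if it is a well-formed v4 UUID and unused.
  function create(sessionUserId, clientId, data) {
    if (typeof clientId !== 'string' || !UUID_V4.test(clientId)) {
      return { status: 400, error: 'invalid id' };
    }
    const id = clientId.toLowerCase(); // canonicalise so case variants cannot alias
    if (rows.has(id)) {
      // Never upsert: a replayed or colliding ID must not overwrite a record.
      return { status: 409, error: 'id already exists' };
    }
    rows.set(id, { ownerId: sessionUserId, data });
    return { status: 201, id };
  }

  // Reads are authorised against the session, not against knowledge of the ID.
  function read(sessionUserId, requestedId) {
    const id = String(requestedId).toLowerCase();
    const row = UUID_V4.test(id) ? rows.get(id) : undefined;
    // Same response for "missing" and "not yours" so the API is not an existence oracle.
    if (!row || row.ownerId !== sessionUserId) {
      return { status: 404 };
    }
    return { status: 200, data: row.data };
  }

  return { create, read };
}

// Constructed sample values (not from the page).
const ALICE = 'alice', BOB = 'bob';
const SAMPLE_ID = '3f2b8c1e-9a4d-4e6f-8b7a-1c2d3e4f5a6b';

function demo() {
  const store = createStore();
  return [
    store.create(ALICE, SAMPLE_ID, { note: 'private' }).status,       // 201
    store.create(BOB, SAMPLE_ID.toUpperCase(), { note: 'x' }).status, // 409
    store.create(BOB, '23135', {}).status,                            // 400
    store.read(BOB, SAMPLE_ID).status,                                // 404
    store.read(ALICE, SAMPLE_ID).status,                              // 200
  ];
}
console.log(demo().join(' '));
```

Bob's read returns 404 even though he holds the exact UUID, so the record stays protected if the identifier leaks through a URL or a log.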

Thanks for taking the time to read our blog post! If you’re in the process of building a distributed database or need assistance with scaling your NoSQL database, we highly recommend using UUID. At West Agile Labs, our experienced team can help you with all your database needs, from design to implementation. We can also assist with software development and digital transformation to help your business thrive.