Should I use UUIDs for resources in my public API?
Solution 1
It's possible that those other vendors you listed have their own ID or hashing scheme to allow them to expose a smaller number while using something more akin to a UUID internally. But in the end, the question must be asked: as long as your URIs are intended to be consumed by code (API clients) rather than humans, why would it matter?
Don't get too freaked out by what those vendors have done. There's no guarantee that (a) they are doing the "right" thing and (b) that their needs are the same as yours.
Go ahead and use UUIDs.
Solution 2
I think you might consider the four main options here:
use the UUID as your database Primary Keys, but it could be more computationally expensive than using Long
create an UUID to Long mapping layer, this way you can publish your REST resources, but maintain a clean database structure using Long PK
create an Alternate Key column in your database tables in order to hold de UUID values.
instead of using UUID you could have cryptographic IDs, generated on the fly using a custom seed for each customer and original PK. This approach imposes more execution overhead but could be interesting in some scenarios. The customer would have to use always encrypted data, since they will never have access to the seed or algorithm.
Related videos on Youtube
09 : 12
17 : 55
13 : 39
15 : 55
10 : 50
03 : 17
05 : 03
12 : 01
21 : 36
05 : 43
44 : 59
11 : 33
15 : 27
07 : 02
Alex Dean
I am a co-founder of Snowplow Analytics, an open-source platform for enterprise-strength product and marketing analytics, built on Hadoop and Redshift: https://github.com/snowplow/snowplow
Updated on July 04, 2022Comments
-
Alex Dean almost 2 years
I'm building a SaaS application and want to expose IDs for resources which are not tied to my current data storage implementation (Postgres auto-increment IDs). These Stack Overflow posts (one two) suggest that creating locally unique IDs is hard and that I might as well use UUIDs, which are of course easily and safely generated in pretty much any language.
I'm happy with this approach, but I wonder why I can't find any APIs from big SaaS/hosted players which do the same? For example:
- Shopify: 9 digit numbers
- Twilio: 34 character strings
- Twitter: 20+ digit numbers
- AMEE: 12 character A-Z0-9
So basically nobody seems to use UUIDs. Is there a reason for this - not-invented-here, cleverer internal ID algorithms or something else? And in my case, in the absence of any internal algorithm, does it make most sense to go with UUIDs?
-
David S about 11 yearsUpvote for a great question! How did the results turn out? Did you store them in a separate column? -
Alex Dean about 11 yearsHi David, yes in the end I used UUIDs and stored them in a separate column!
-
Casey Flynn about 11 yearsI'm doing the exact same thing
-
Michael Sørensen over 8 yearsThe AMEE Link are dead, but can now be found here
-
Alex Dean over 12 yearsThanks Brian, yes I'm going to press on with UUIDs
-
Alex Dean over 11 yearsThanks Alessandro! I ended up going with option 3.
