
UUID as a secure API token for API RESTful endpoints? (Video)

In this video excerpt, I discuss the role of the UUID as an API token and how to improve the security of an application that uses them.

Specifically, RFC 4122, Section 6 (Security Considerations), cautions developers: “Do not assume that UUIDs are hard to guess; they should not be used as security capabilities (identifiers whose mere possession grants access), for example. A predictable random number source will exacerbate the situation.” Watch the video to learn how they can be used more safely.
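As an added illustration (not code from the video or the original post), the following Python decodes the fields that a version-1 UUID exposes in the clear, and contrasts that with a hypothetical token store that issues tokens from the OS CSPRNG and keeps only their SHA-256 digests. The `TokenStore` class and the node/clock-sequence values are constructed for the example.

```python
import hashlib
import secrets
import uuid
from typing import Optional


def make_uuid1(node: int, clock_seq: int) -> str:
    """Generate a version-1 UUID with a chosen node and clock sequence
    (constructed values; a real uuid1() call uses the host MAC address)."""
    return str(uuid.uuid1(node=node, clock_seq=clock_seq))


def uuid1_fields(u: str) -> dict:
    """Decode what a version-1 UUID carries in the clear: a 60-bit
    timestamp (100 ns ticks since 1582-10-15), a 14-bit clock sequence
    and a 48-bit node, normally the MAC address. Nothing here is secret,
    which is why RFC 4122 says such a value must not act as a capability."""
    parsed = uuid.UUID(u)
    return {"version": parsed.version, "time": parsed.time,
            "clock_seq": parsed.clock_seq, "node": parsed.node}


class TokenStore:
    """Hypothetical API-token store (not the post's code). Tokens come
    from the OS CSPRNG via the secrets module, and only a SHA-256 digest
    is kept, so a leaked table does not yield usable tokens. Looking up
    by digest also avoids comparing the raw token byte by byte."""

    def __init__(self) -> None:
        self._by_digest: dict = {}  # sha256 hex -> subject

    @staticmethod
    def _digest(token: str) -> str:
        return hashlib.sha256(token.encode("utf-8")).hexdigest()

    def issue(self, subject: str) -> str:
        token = secrets.token_urlsafe(32)  # 256 bits of CSPRNG entropy
        self._by_digest[self._digest(token)] = subject
        return token  # shown to the caller once; never stored as-is

    def lookup(self, presented: str) -> Optional[str]:
        """Return the subject bound to a presented token, or None."""
        return self._by_digest.get(self._digest(presented))

    def stores_plaintext(self, token: str) -> bool:
        """True if the raw token appears anywhere in the store."""
        return any(token in k or token in v for k, v in self._by_digest.items())
```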

Originally recorded in August 2014, this content holds up well ten years later. I mostly see UUIDs as useful for share links generated by an application. JWTs have become a well-defined standard that can be used for many token authentication workflows.