GUID and UUID are not good ID schemes for the web because they are not designed for human consumption. They are too long and too hard to type, therefore not adequate for a URL. Youtube solved this problem perfectly with their 11-character video IDs, which:
- are short,
- are as easy to type as is realistic to hope for, and
- contain a lot of information in them.
Now you wish to use the same scheme in your application.
- Below is a specification. It is identical to what YouTube does, as far as we know. Let us call it "Livid".
- This project contains implementations of the spec:
- in Dart (TODO)
- in Javascript (TODO)
- in Python
- 11 characters long (commonly constant, though not formally guaranteed) (webapps.stackexchange.com).
- Characters drawn from a URL-safe Base64 set
A–Z a–z 0–9 - _(64 possibilities) (webapps.stackexchange.com).
- Encodes a 64-bit integer payload.
- 11 Base64 characters ≈ 66 bits; only about 64 bits carry payload.
- The last character is restricted to 16 possible values to zero out unused bits.
The regular expression pattern for valid IDs is [A-Za-z0-9_-]{10}[AEIMQUYcgkosw048].
- Generate a random 64-bit unsigned integer.
- Encode in Base64, producing an 11-character string.
- Standard Base64 uses
+/; we replace/with-and+with_for URL safety. - No padding (
=) is used, as the length is fixed (stackoverflow.com, wiki.archiveteam.org, webapps.stackexchange.com).
- Standard Base64 uses
- If the integer collides with an existing ID, regenerate. Collisions are extremely rare in such a large space.
- IDs are randomly generated, not sequential, to avoid enumeration, scraping, and privacy leaks (reddit.com).
- Collision-checking ensures uniqueness.
- Though the 11-char format is stable, there's no official commitment to keep it permanently (webapps.stackexchange.com).
- To validate or test an ID, you must query the existing data (webapps.stackexchange.com).
| Feature | Description |
|---|---|
| Length | Exactly 11 chars |
| Character set | [A–Z][a–z][0–9][- _] |
| Encoded data | 64-bit + 2 unused bits |
| End-char restrictions | Only 16 values (last 2 bits zeroed) |
| Generation method | Random + Base64 URL-safe encoding |
| Collision handling | Check uniqueness, retry on conflict |
| Validation | Query the server/API |
| Guarantee | No official guarantee on format stability |