Hacker News new | comments | show | ask | jobs | submit login

Please stop using the term UUID when you mean 'random alphanumeric string'. Because UUIDs have a standardized format (it's not just a random string): http://en.wikipedia.org/wiki/Universally_unique_identifier

UUID v4 is, in fact, random and "alphanumeric" in the sense that it's hex.

That being said, I have a few other issues with their wording as well. They should just say "we have a custom HMAC-based authentication scheme for our REST API". Also, it took me about 3 days to realize HMAC over SSL/TLS is about as secure and easy as you can get for most any language -- If you can send HTTP requests, you can probably do HMAC. You can add further safety by making expiring private keys for HMAC and other things, although my use cases are based on long running (weeklong+) batch computations, and not end users. (i.e. initial distribution of an expiring private key for HMAC over SSL, reauthentication schemes, etc...

It's not just random, it's a standard requiring some hex digits to be non-random (4, 8, 9, a, b). Otherwise it won't validate as a UUID4.

A UUID is first and foremost a 128 bit number, irrespective of its text encoding.

Its 'canonical' form uses HEX-only encoding. A 'Url62' can be another encoding. 'Url62' wouldn't be a canonical encoding, but it's still a 128 bit UUID number.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact