I am working on a small piece that will generate an API Key using SQL Sever's NEWID(). The key will be used to access certain parts of our web app and will be passed in through a URL. The key is generated when a new API consumer is created (in a Stored Proc). The key is unique for each consumer. While the initial number of consumers is expected to be relatively low, it will grow over time but with a relatively low frequency.
Some of the constraints are:
- Key has to be generated at Insert level
- Must be unique for each consumer
- Performance, as always, is important
Are there any issues with this approach - security, performance or other? Is there a better way to achieve the same result?