[groestl]

> UUID generated client side and basically upserted it

Read and take notes. This is crazy in untrusted environments.

[kevincox]

Generating IDs on the client can be very useful for offline-first systems. But you need to check for conflicts and permissions on the server (or be sure to keep the IDs secret which I wouldn't recommend).

[groestl]

Agreed, but in that case "upsert" is also weird, since I'd structure such a system around an immutable log datastructure.