Your treating the uuid like a password. So the same principles apply. E.g is it a get request? Are query params encoded so middle men can't get them? @lgessler
Di your users understand they can't give out the uuid? Imo it's a coupling that buys you little and costs you much.