Best way to generate an UUID for the id field?

If You have an authorization system in place, then putting some random id should not affect the security of your system.

User identity can be managed by sessions, cookies, or tokens in case of API.