Like @lorthirk said, you should probably work on securing your APIs in other ways. But if you decide to go with UUIDs then, I'm not that experienced with databases, but here's what I can gather from some quick googling:
varbinary instead of varchar. varbinary is more efficient because it stores the data internally as a number and therefore also uses up less space. (One such setup is described in this blog post).By the way, all the above applies only to relational databases (and perhaps not to all of them?). It's mainly because the databases weren't designed with UUIDs in mind. Some of the newer databases like MongoDB use UUID primary-keys by default. Not to say that you must use them or anything, but it's good to keep that in mind 😉