I'm working with Spring Boot and don't know how to design register confirmation process.
I can't decide how to solve these problems.
UUID seems to be a perfectly fine solution for tokens. I don't see a problem with it.
Regarding question 2: If you have tokens, that would be used multiple times, then indeed using that token in GET requests is a really bad idea. However, for a registration confirmation, you usually only have tokens that are valid for one use. So as soon as someone used a token, you should mark this token as invalid. In that case, using it in a GET request doesn't impose any security risks. Also, the token itself should just be used to mark the user account, but it shouldn't allow automatic login of the user, once he clicked on the link. Then you should be fine.