The string should be composed of two parts separated by a dash/minus: 1) an md5 string 2) a variable string with the "data center" subdomain name. This function checks if the api key is (somewhat) correct. private function isApiKeyValid($api_key){ return !empty( preg_match('#^[a-z0-9]{32}-[a-z0-9]{3,}$#i', $api_key) ); }