Currenly just the length of the api key is used as validation for that this could actually be a proper API key, it is not checked against anything. The vendor could be inferred from the chosen model to validate the key to reduce the number of misses in checking