# Connections

Every connection should have a way to check if the used API key (token) is valid (a validation endpoint).

This means that each connection should have a part that uses the API key (token) against an endpoint that requires **only** the API key to run. For example, a user info endpoint, or any endpoint that is used to list data.

The validation endpoint is located:

* OAuth1 and OAuth2 - in the `info` directive
* API key, basic auth, digest auth, other - in the `url` in the Communication tab

{% hint style="info" %}
There are APIs that don't have a validation endpoint. In this case, it is recommended to call an endpoint that will work in every case and, if possible, will return the account's data, e. g. an endpoint `/about` or `/me`, etc.
{% endhint %}

{% tabs %}
{% tab title="Correct API Key" %}

<div align="left"><figure><img src="https://1562974717-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNS0mCBwODiYtOVXjc6qf%2Fuploads%2Fgit-blob-f8dff6d7f7fb95baba745f547f6a94ff0957cd7b%2Fconnection_correctAPIkey.png?alt=media" alt="" width="563"><figcaption></figcaption></figure></div>

{% hint style="info" %}
The API key is checked against the `/whoami` endpoint. If the API key is incorrect, this returns an error and the connection won't be created.
{% endhint %}
{% endtab %}
{% endtabs %}