This is something you would have to track.
You could track the number of times the Key is used (by checking the Security log for logins by the user associated with the key)
You could add some code in the services the Key invokes and aggregate number of requests that way.
Based on that you can then send out notifications, remove AppKeys etc.
Hi nirav parikh,
In addition; please provide limited Rights to the user associated with the Appkey. You should also consider to use separate Appkey for different third party Application to differentiate which server sent the request.