79503347

Date: 2025-03-12 10:55:13

You could use AWS WAF Rate limit Aggregate by Custom Key.

Rate limit by a component of the URL (an API key in this case)

I'm assuming what you meant by API keys on the URL is the Query argument?

You should be able to do Custom Keys -> Query Arguments, then pick your key

https://docs.aws.amazon.com/waf/latest/developerguide/waf-rule-statement-type-rate-based-aggregation-options.html

https://aws.amazon.com/blogs/security/discover-the-benefits-of-aws-waf-advanced-rate-based-rules/

Determine limit dynamically (different behaviour for different keys)

Feel free to create custom rate limit rules for each of the Custom Keys as necessary.

Perform some non-blocking action in the first instance of exceeding the limit, then block if the limit is exceeded consistently

Create 2 rate limit rules, 1 to notify you (COUNT) and the other to BLOCK. Create 2 separate thresholds, one for each of them. Do note that the COUNT threshold needs to be lower than the BLOCK threshold.

Log both of the above actions and do something with the output logs (i.e. forward them somewhere)

You can configure your WebACL to output your logs to an S3 bucket and then use Athena to query them, or to CloudWatch and then query them using CloudWatch Logs Insights, or you could use Firehose and pipe them somewhere, e.g. Datadog Logs, OpenSearch, etc.
https://docs.aws.amazon.com/waf/latest/developerguide/logging.html

Posted by: Vincent Tjianattan
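The COUNT-then-BLOCK pair of rate-based rules from the answer above, expressed as the WAFv2 `Rules` JSON that `CreateWebACL`/`UpdateWebACL` accept. This is an added example, not code from the answer or from AWS; the query argument name `api_key`, the rule names and the thresholds are constructed values.

```python
"""Build two AWS WAFv2 rate-based rules that aggregate on an API key passed as a
query-string argument: a lower-threshold COUNT rule (notify) and a higher BLOCK rule."""
import json


def rate_rule(name, priority, limit, action, query_arg, window_sec=300):
    """Return one WAFv2 Rule dict aggregating by CUSTOM_KEYS -> QueryArgument."""
    # WAFv2 constraints: Limit >= 10, EvaluationWindowSec in {60, 120, 300, 600}.
    if limit < 10 or window_sec not in (60, 120, 300, 600):
        raise ValueError("limit must be >= 10 and window one of 60/120/300/600 seconds")
    if action not in ("Count", "Block"):
        raise ValueError("action must be 'Count' or 'Block'")
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {
            "RateBasedStatement": {
                "Limit": limit,
                "EvaluationWindowSec": window_sec,
                "AggregateKeyType": "CUSTOM_KEYS",
                "CustomKeys": [{
                    "QueryArgument": {
                        "Name": query_arg,  # constructed: the ?api_key=... parameter
                        "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
                    }
                }],
            }
        },
        # A Count action does not stop evaluation, so the Block rule still applies
        # when the higher threshold is also exceeded.
        "Action": {action: {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,  # surfaces both actions as CloudWatch metrics
        },
    }


def build_rules(query_arg, notify_limit, block_limit):
    """COUNT rule first (lower priority number), BLOCK rule second; enforce COUNT < BLOCK."""
    if notify_limit >= block_limit:
        raise ValueError("COUNT threshold must be lower than BLOCK threshold")
    return [
        rate_rule("api-key-rate-notify", 1, notify_limit, "Count", query_arg),
        rate_rule("api-key-rate-block", 2, block_limit, "Block", query_arg),
    ]


if __name__ == "__main__":
    print(json.dumps(build_rules("api_key", 500, 2000), indent=2))
```

The printed list can be placed in the `Rules` field of a WebACL definition; keep the WebACL's logging configuration enabled so both the COUNT and BLOCK matches reach your log destination.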