I think we should track the last used date (and possibly IP address) of an API key directly in the api_keys table. This would be easy to implement and enhance auditing capabilities.
This information is already tracked in the audit log, but tracking it directly against the key itself allows you to quickly what's in use and what isn't.