I propose that configurable usage alarms be provided for each API key that is created in the Developer's dashboard. Any number of metrics could be very useful, but something as simple as "alert me after 15,000 geocodes this month" would make API key maintenance and management much easier for ArcGIS developers.
According to the developers.arcgis.com documentation regarding API Key Security, there are a few best practices for avoiding abuse of our API keys. These practices include limiting public exposure, configuring allowed referrers, scoping your API key to just the required services, rotating your keys, and, perhaps most importantly, monitoring usage.
Most of the best practices listed in the documentation are one-time development concerns. For example, I'll set up the referrer headers when I create the API key (or rotate it), then probably never think about it again. Usage monitoring, however, is not a set-it-and-forget-it concern.
Effective monitoring would require checking the dashboard quite vigilantly. Depending on a project's budget and the abuse the took place, the abnormal or abusive usage could be quite expensive by the time it is noticed. Further, as the number of apps under any individual developer's maintenance purview begins to grow, the expectation for manual usage monitoring becomes pretty unrealistic.
I believe this feature could really help avoiding unexpectedly large bills and/or damage to our systems.
