The OAuth plugin could be useful for the keys. It may look like OAuth is only for user authentication, but if you autogenerate the access tokens and give them to developers, instead of having an interactive user process with request tokens and account authorization, then you basically have a quite secure API key system. And the plugin will just drop in nicely.
Other than that, some nice use of rails' routes (with conditions to call a different action on get, post, put, etc, and a prefix of /api/v1/) and format (format.xml, format.js, etc) provides a pretty nice way to build RESTful APIs, withought really needing a plugin.
