The AWS API Gateway by default limits the maximum number of API keys per account per region to 500, however documentation notes this can be increased by request.
Is there a hard cap on the max upper limit? Are there soft limits for which requests are unlikely to be approved? Can I get to 10K keys on the max upper end?
I’m following the AWS developer portal setup walk-through using API keys for authorization and want to ensure the project reasonably scales beyond 500.
You can easily ask for an increase. But APIG has hard limit for the number of API keys. This limit is currently 10k per region and you cannot go beyond that.
If you need to go beyond that number, I would question if you really tend to create such a service, having 10k different users, with a potential blast radius. You might consider to split up your service into multiple APIGs to minimize the risk.
The other alternative would be create own API key mechanism. You can use Lambda authorizer  and store API keys let’s say in the DDB.