May I ask how you are intending to use the external key service?
There are varied ways in which an external security service may be used within Gateway policy to perform functions in service of securing API access. For example, an external Identity Provider (i.e., user store or directory) can be easily configured with the Gateway for performing user authentication together with Access Control assertions like "Authenticate Against Identity Provider" or "Authenticate User or Group". Or perhaps the OAuth Toolkit (OTK) may be installed with the Gateway so that OAuth constraints (require a valid access token with approved scopes) may be used to restrict access to protected endpoints.
In the latter scenario involving the OTK, there are various hooks in the Authorization Server implementation where an external service may be called to offload authentication steps to an IDP or security service. Further, the OAuth standard defines extension grant types including bearer token types that are supported in the OTK for use with an external token provider.
If you inquiring specifically about the use of API keys within the Developer Portal, you will find an attached WADL describing the interfaces available in the API Key Management Service that may be used to register applications with your own externally-generated API keys.
Hope this information is helpful.