From an infosec perspective, I can’t really see an issue. It doesn’t enter into the realm of identifiable data points (such as what GDPR would concern itself with) and therefore doesn’t constitute a privacy issue. Permission to access the API key is already given by giving the API key and the assumption that should be made whenever you give this out should be that the person who controls the site or app has visibility of this data.
The only opt-out would be “I don’t wish for for help troubleshooting my issue”