Currently a user with the Developer Role and an API Key can access all data available via API including user information and there is no option to limit the access to defined functions or non user data.
This leads to issues with granting the Role and access to APIs due to worker council / data privacy topics as the user could access this data so only selected people could get access.
There are many use cases a user would need a API Key (Qlik Data Transfer, Automation via API) without the need of accessing user data (like the Audit API user Events) and for many customers could not get this assigned due to the mentioned regulations on data security / worker council.
Beside an option of what API also a anonymized option would be useful where no user id / names are available.