Is it Meaningful to Add 'x-frame-options' in an Restful API
Edit 2019-10-07: @Taytay's PR has been merged, so the OWASP recommendation now says that the server should send an X-Frame-Options header.
Original answer:
OWASP recommends that clients send an X-Frame-Options header, but makes no mention of the API itself.
I see no scenario where it makes any sense for the API to return clickjacking security headers - there is nothing to be clicked in an iframe!
OWASP recommends that not only do you send an X-Frame-Options header but that it is set to DENY.
These are recommendations not for a web site but for a REST service.
The scenario where it makes sense to do this is exactly the one the OP mentioned - running a vulnerability scan.
If you do not return a correct X-Frame-Options header the scan will fail. This matters when proving to customers that your endpoint is safe.
It is much easier to provide your customer a passing report than have to argue why a missing header does not matter.
Adding a X-Frame-Options header should not affect the endpoint consumer as it is not a browser with an iframe.