asking a user to retrieve and enter their API key isn't a great option either.
I don't think it's unreasonable. It is a one-time set-up step, and you can just give them the link and have them copy/paste the key. You may dissuade very lazy users, but it's their loss. Alternatively, giving their login credentials may also scare away people.