CSP is a technique designed to impair xss-attacks. That is, it is most useful in combination with serving hypermedia that relies on other resources being loaded with it. That is not exactly a scenario I would expect with an API. That is not to say you cannot use it. If there really is no interactive content in your responses, nothing could hold you from serving this header:
Content-Security-Policy: default-src 'none';
Going one step further, you could use CSP as some sort of makeshift Intrusion Detection System by setting report-uri
in order to fetch incoming violation reports. That is well within the intended use but still a bit on the cheap.
In conclusion, it can theoretically improve the security of your API through little effort. Practically, the advantages may be slim to none. If you feel like it, there should be no harm in sending that header. You may gain more by e.g. suppressing MIME-type sniffing, though.
See also: The OWASP Secure Headers Project