Auth Basic can be done directly against postgres, plus a few more modules (headers-more and eval was how I did it, IIRC). Could probably do it with just openresty too.

After authentication, you have the credentials needed check authorization, it'd probably just involve a few changes to the SQL in the article.

Presumably with an 'api_key' table and an 'Authorization' header. Alternatively, Nginx can do cookies and have if-then logic to check them.

You can easily do AuthBasic in nginx with a user file