That’s a pretty strange requirement.
Since basic auth is actually just looking at the Authorization header, you can just use a header matcher instead. The header is usually in this pattern:
Authorization: Basic base64_encode("<username>:<password>")
So all you need to do is take your API key they’re talking about, append : to it, then base64 encode that. Then you can match on that header value like this:
@authenticated header Authorization "Basic <base64 value>"
You could just respond with respond "Unauthenticated" 401 if that doesn’t match (add a not to that matcher to invert it).