We've found a minimal solution using query parameters and cookies that, for our use case, was adequate as an alternative to basic auth, not requiring any login screen and enabling virtually all clients to authenticate. The concept of the approach is pretty much globally applicable, but we'll showcase our implementation using Apache and .htaccess:

RewriteEngine On

RewriteCond %{QUERY_STRING} !^access_key=my-password$ [NC]
RewriteCond %{HTTP_COOKIE} !access_key=my-password
RewriteRule ^ - [R=511,L]

Header set Set-Cookie "access_key=my-password; path=/; Max-Age=3600; HttpOnly; Secure; SameSite=Strict"

Be sure to place the code at the beginning of the .htaccess file and to change out the 3 instances of "my-password" in the code to whatever the password should be. Since we're storing the password in plain text (not hashed) here, we recommend avoiding use of any sensitive password. Once authenticated, access lasts for an hour (or 3600 seconds), but that expiration timer is refreshed on every connection while still authenticated.

When implemented, if you visit any part affected by the .htaccess, you should get a 511 response "Network Authentication Required". To gain access, append the GET-parameter "access_key" to the visited URL and set it to your password. For example: https://foobar.com?access_key=my-password. While authenticated, you needn't add the parameter to the URL again, as authentication is kept track of by the server through a cookie.