Here is a code snippet to set up basic auth wuth username="someUser" and password="ThePassw0rd"

<policies>
    <inbound>
        <set-variable name="isAuthOk" 
value="@(context.Request.Headers.ContainsKey("Authorization") 
            && context.Request.Headers["Authorization"].Contains(
            "Basic " + Convert.ToBase64String(
                  Encoding.UTF8.GetBytes("someUser:ThePassw0rd")
                )
              )
              )" />
        <base />
        <choose>
            <when condition="@(context.Variables.GetValueOrDefault<bool>("isAuthOk"))">
            </when>
            <otherwise>
                <return-response>
                    <set-status code="401" reason="Unauthorized" />
                    <set-header name="WWW-Authenticate" exists-action="override">
                        <value>Basic realm="someRealm"</value>
                    </set-header>
                    <set-body>Wrong username or password</set-body>
                </return-response>
            </otherwise>
        </choose>
    </inbound>
    <backend>
        <base />
    </backend>
    <outbound>
        <base />
    </outbound>
    <on-error>
        <base />
    </on-error>
</policies>

If I understood your question, you can set the policy in: Apis -> All Apis or specifc -> Design -> Inbound processing -> Code View. Inside policies/inbound you can insert:

authentication-basic username="username" password="password"

See more in: https://docs.microsoft.com/en-us/azure/api-management/api-management-authentication-policies#Basic

You can use below code snippet https://github.com/Azure/api-management-policy-snippets/blob/master/examples/Perform%20basic%20authentication.policy.xml

<policies>
<inbound>
    <base />
    <choose>
        <when condition="@(context.Request.Headers.GetValueOrDefault("Authorization")==null || context.Request.Headers.GetValueOrDefault("Authorization").Length<1 || context.Request.Headers.GetValueOrDefault("Authorization").AsBasic().UserId!="{{UserId}}" || context.Request.Headers.GetValueOrDefault("Authorization").AsBasic().Password!="{{Password}}")">
            <return-response>
                <set-status code="401" reason="Not authorized" />
            </return-response>
        </when>
    </choose>
    <set-header name="Authorization" exists-action="delete" />
</inbound>
<backend>
    <base />
</backend>
<outbound>
    <base />
</outbound>
<on-error>
    <base />
</on-error>

And incase you want to store password to keyvault you can use below policy instead of above

<inbound>
    <base />
    <send-request ignore-error="false" timeout="20" response-variable-name="passwordResponse" mode="new">
        <set-url>https://mykvname.vault.azure.net/secrets/MySecretValue/?api-version=7.0</set-url>
        <set-method>GET</set-method>
        <authentication-managed-identity resource="https://vault.azure.net" />
    </send-request>
    <rewrite-uri template="/" copy-unmatched-params="true" />
    <set-backend-service base-url="https://testservice/" />
    <authentication-basic username="myusername" password="@{ var secret = ((IResponse)context.Variables["passwordResponse"]).Body.As<JObject>(); return secret["value"].ToString(); }" />
</inbound>

Hope this helps

I am able to solve this , I have added a access restriction policy for basic authentication and put a credentials in the policy.

Sample Policy

Basic B64Credentials