
There's nothing wrong with it or with HTTP Basic Auth over HTTPS either for that matter.

The author doesn't seem to understand that HTTP Basic/Digest Auth is effectively exactly what he wants: a signed request that authenticates each API call. The fact that it goes in an HTTP header rather than some query parameter or something in the request body is only relevant in the case that users of your API don't have the ability to manipulate headers. This is a vanishingly small set of users. Whether they know how to do it or not is another matter.



