It is possible to use 'basic authentication' from authentication service rule, However I am not sure about the production environment if that's a good practice, probably not. It depends on your business requirement as how you want users to get authenticated in different situations.
in our scenario we are compliant with customer requirement with basic auth, but in order to provide that solution we need official communication from Pega about the usage of that capability in production, could you help me?
If you have such a business scenario, you can select basic authentication from your SAML/custom authentication service rule. Mostly basic authentication in prpc comes in scenarios like when there is a authentication timeout or any kind of challenge you face in authenticating user. Please check the custom tab of authentication service rule, it should give you more idea to handle the authentication challenges using basic authentication.
I don't find any problem in using basic authentication until the Users/Applications connects to a web server (website) secured with SSL. In case you are using payment gateway in your system, you have to provide more security as per the standard like PCI compliance and similar organization.