Dual authentification cognito OR private api key


I’m wondering if this is possible. We are having a heavy utilized API, which is currently secured over API keys, since it’s mostly being used by other applications.
Now the need arises to alternatively have to secure it using cognito based authentication for some user front-ends, without breaking the existing API and if so, how can this be configured?

thank you!