WebDAV could of course accept tokens instead of password. It would be like app passwords in e.g. Gmail. It would be the best if there would be a special token only for WebDAV.
The access log of the professional edition could then also log which token was used (I’m not sure if WebDAV is logged at all so far).