App login comes with several built-in limitations:
- Tokens obtained by applications can only read public content and services. Although you cannot use an App login with private content, if your goal is to distribute or sell an app to organizations without ArcGIS Online (no named users), you may control access to your content by using your own login mechanism (I.e. Identity) to the app.
- Tokens obtained by applications may read premium content and services hosted by Esri and consume credits on behalf of the application organization.
- Applications cannot create, update, share, modify, or delete items (layers, files, services, maps) in ArcGIS Online or Portal for ArcGIS.
- Applications built using app login cannot be listed in the ArcGIS Marketplace.
If you want to access private content within an organization or content that has been shared with a user, you must use the named user login pattern for authentication.
Although you cannot use an AppID with private content, if your goal is to distribute or sell an app to organizations without ArcGIS Online (no named users), it is not against the license agreement to use your own login to the app, given that the content has been shared publicly.