By sending tokens instead of application credentials we reduce the risk of exposing credentials in every API call.
Using the organization credentials provides wider access to BaaS. The application credentials reduces the scope of access but is still risky as it is potentially non-expiring.
It is preferred to use the token based invocation of BaaS API.
LinkedIn
Twitter
