Shopify's public and private app definitions can be confusing and result in questions like this that I got from a reader:
We want to integrate with Shopify to bring in orders. I looked into this a while back and it appeared the best / maybe only way to do this would be via a public app. That seems like overkill for us with the authentication requirements in particular, given we don't expect more than a handful of stores to integrate with.
This reader is talking about how authentication works differently in public and private Shopify apps.
Private apps can just copy and paste some secret keys from the Shopify admin area and are ready to go.
Public apps however have to setup OAuth which is a complicated authorization request/response workflow to permit an app to connect to a store.
Recommendation: build a Public App
I would recommend creating a public app, or what I call an unlisted app. Getting the OAuth authentication to work can be a bit of a hurdle at first, but public apps work much better with multiple stores.
I actually have an unlisted app that I use with my development stores for testing. It's just a pretty website that lets me call Shopify APIs and see the output in my browser instead of having to write code to investigate the APIs.
Private App access
Until recently, private apps would be granted full access to a store's data. Which sounds great, but it's also a risk of something going wrong in the app and damaging the store's data. Public/unlisted apps can limit their data access which reduces that risk. A common example is to only ask for read access for orders, thereby preventing you from modifying them on accident.
Recently Shopify added some permissions to private apps which partially addresses this concern. The problem is that those permissions, and setting up a private app in general is technical enough to be confusing to non-technical users.
Getting into the Shopify App Store
If you ever want to get into the Shopify App Store, you can only submit public apps. It's possible to start with a private app and convert it over to a public app later, but that's more effort than starting with a public app from the beginning (plus you'd need to have every store re-authorize your app after the switch).