You typically use delegated permissions when you want to call the Web API as the logged-on user. Say for example that the Web API needs to filter the data it returns based on who the user is, or execute some action as the logged-in user. Or even just to log which user was initiating the call.
Application permissions are used when the application calls the API itself. For example to get the weather forecast for a certain zipcode (it does not matter which user is logged on). The client can even call the API when there's no user present (some background service calling the API to update some status).
