Hi! As @billinghamj mentioned, for your client you should be using the Authorization code grant which allows Mondo users to grant permissions to your application (and crucially revoke access) rather than requiring them to give you their password.
We originally added the password grant for ease of use for developers as we developed the API and moved to support OAuth 2, however we’ll be removing it fairly soon now the Authorization code grant is fully up and running.
A client with
PENDING status in the developer tools means that you (the owner of a client) can authorise access to your own Mondo account for this client, but no other Mondo user can authorise their accounts - this is essentially a development mode for your application, and allows you to test it properly!
Once you’re happy with this we can also whitelist a few additional Mondo users (eg. friends / coworkers) to allow them to also authorise your client to access their accounts and test out your application, but we can’t currently grant all Mondo users access. There are a few privacy and security concerns, so this is something we’re very carefully considering - there’s a bit more info in our blog post here: https://getmondo.co.uk/blog/2016/02/03/mondo-api/
Hope that helps!