Improvement
Resolution: Fixed
Normal
I started to think about this problem again after we discussed the moderation interface. I don't know what the initial reason was to separate CritiqueBrainz into two applications connected by a web API, but I think both can work well within a single application. If the reason was to separate functionality, I think this can be done by proper package separation within a single application.
There are several problems that we have already encountered with the current approach:
1. It is hard to test the client without the server. Writing a mock server seems like an unnecessary complication in our case.
2. It is hard to modify existing functionality without breaking the server API. This may not be a problem right now since we are in the early stages, but I'm sure it will become one later.
3. The API seems like an unnecessary layer between the server and our own client, especially in cases when we need very specific functionality. This includes the moderation interface that I mentioned at the beginning. With the current system we'll need to create additional API endpoints that, most likely, only we are going to use. In fact, we are already doing that...
For example, I don't think any other API client will need to have access to the authorization scope. I'd even say that it is unsafe to expose it. Some people don't read info about scopes in OAuth prompts. This scope (authorization) allows an application to have complete control over the user account; it will be able to generate new OAuth tokens with any set of scopes. See https://github.com/metabrainz/critiquebrainz/blob/master/server/critiquebrainz/oauth/views.py#L10-L28.
The same applies to some other scopes like user, which allows applications to delete the user account.
Obviously, there are other small issues caused by this separation. It would be nice to see some thoughts about this.
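The scope concern raised in this ticket can be enforced on the server side, shown here as an added example that is not part of the original ticket and is not CritiqueBrainz code. It assumes a hypothetical `Client` record with a `first_party` flag, and the `review` and `vote` scope names are constructed stand-ins for ordinary scopes; only `authorization` and `user` come from the ticket.

```python
# Added illustration; all names below are hypothetical, not CritiqueBrainz code.
from dataclasses import dataclass

# Scopes named in the ticket as too powerful for third-party clients.
FIRST_PARTY_ONLY = frozenset({"authorization", "user"})
# "review" and "vote" are constructed examples of ordinary scopes.
KNOWN_SCOPES = FIRST_PARTY_ONLY | {"review", "vote"}


class ScopeError(Exception):
    """Raised when a scope request must be refused."""


@dataclass(frozen=True)
class Client:
    client_id: str
    first_party: bool  # True only for the project's own web client


def parse_scopes(raw: str) -> frozenset:
    """Split a space-delimited OAuth scope string and reject unknown names."""
    scopes = frozenset(raw.split())
    if not scopes:
        raise ScopeError("empty scope request")
    unknown = scopes - KNOWN_SCOPES
    if unknown:
        raise ScopeError(f"unknown scopes: {sorted(unknown)}")
    return scopes


def grantable_scopes(client: Client, requested: str) -> frozenset:
    """Scopes that may appear in the consent prompt for this client."""
    scopes = parse_scopes(requested)
    if not client.first_party:
        blocked = scopes & FIRST_PARTY_ONLY
        if blocked:
            raise ScopeError(f"not available to third parties: {sorted(blocked)}")
    return scopes


def mint_token_scopes(client: Client, held: frozenset, requested: str) -> frozenset:
    """Scopes for a token minted through an existing token, without escalation."""
    scopes = grantable_scopes(client, requested)
    # A token can only re-issue scopes that it already holds itself.
    extra = scopes - held
    if extra:
        raise ScopeError(f"scope escalation refused: {sorted(extra)}")
    return scopes
```

With a check like this, a user who clicks through an OAuth prompt without reading it cannot hand a third-party application the `authorization` or `user` scope, because the request is refused before the prompt is rendered.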