When you revoke an OAuth2 client, access to the associated API and its resources is blocked when you try to access them using an OAuth2 token that is generated using the OAuth2 client.

It is recommended that a gateway instance (for example, Mediator) is up and running.

An OAuth2 client can be revoked by an API provider and an API consumer (who has requested the OAuth2 client). An API provider can revoke an OAuth2 client from the Asset Details page. While, an API consumer can revoke an OAuth2 client from the User Preferences page.