OAuth tokens are searchable, and can also be revoked, using Apigee Management APIs. To achieve this, the feature must first be enabled. This must be done by a user with the sysadmin role.
For Apigee Edge Cloud:
curl -u ${USERID}:${PASSWORD} -H "Content-type:text/xml" -X POST -d '<Organization type="ORG_TYPE" name="ORG_NAME"><DisplayName>ORG_DISPLAY_NAME</DisplayName><Properties><Property name="features.isOAuthRevokeEnabled">true</Property><Property name="features.isOAuth2TokenSearchEnabled">true</Property></Properties></Organization>' <a href="https://api.enterprise.apigee.com/v1/organizations/ORG_NAME">https://api.enterprise.apigee.com/v1/organizations/ORG_NAME</a>
For Apigee Edge On-Prem:
curl -u ${USERID}:${PASSWORD} -H "Content-type:text/xml" -X POST -d '<Organization type="ORG_TYPE" name="ORG_NAME"><DisplayName>ORG_DISPLAY_NAME</DisplayName><Properties><Property name="features.isOAuthRevokeEnabled">true</Property><Property name="features.isOAuth2TokenSearchEnabled">true</Property></Properties></Organization>' <a href="http://MANAGEMENT_HOST:MANAGEMENT_PORT/v1/organizations/ORG_NAME">http://MANAGEMENT_HOST:MANAGEMENT_PORT/v1/organizations/ORG_NAME</a>
Enabling the above will allow you to use Management API calls to search and revoke, as outlined in the following two documents.
First, you would use this:
http://apigee.com/docs/management/apis/get/organizations/%7Borg_name%7D/oauth2/search
and then this:
For a cloud org, can this be self-enabled, or do we need Apigee support to do additional steps. The doc probably needs an update in that case.