You can rotate a client secret to generate a new secret for an API client. This invalidates the previous secret, which can then no longer be used to generate access tokens.
Note:
Adding or removing privileges from an API role does not require regeneration of a client secret. Adding or removing an API role from an API client does require the generation of a new client secret for the changes to take effect.
The previous client secret is invalidated and can no longer be used to generate an access token. A new client secret is created.