Hi Rudra,
If the token is deleted from the DB, it should no longer be valid, perhaps you can check if it is still appearing in the oauth/manager? also, did you test the API within the period of the Cache Validation result of the "OTK Require OAuth 2.0 Token" assertion?
Testing within the period after a successful validation would still allow the token to pass as it has been cached.
Regards