Integration with GSX for Warranty Reminders

Last updated:

Watchman Monitoring does not provide GSX Access  

Watchman Monitoring leverages AppleCare's GSX API to provide Authorized Service Providers (AASP) a means of automatically looking up the status of AppleCare Expirations attached to computer records.

Due to Apple's terms and conditions, automated warranty lookup requires you to provide a valid AppleID with access to GSX.

If your organization owns many Apple devices, you can reach out to Apple for a Self Servicing account at:

We leverage existing GSX Access. Unfortunately, we are unable to grant GSX access.

AppleCare SSL Certificate Information

Watchman Monitoring is worked directly with AppleCare to help streamline their certificate authentication process.

As of June 2015, AppleCare has whitelisted our IP Addresses. This means that you do not need to add our IP range into your SSL Certificate request.

Click here for instructions on how to request your certificate

Activating Automatic AppleCare Lookups

Once you have your AppleCare provided SSL Certificate, follow the Warranty Updater Setup instructions:

In compliance with AppleCare's guidelines, GSX Lookups are performed by the Subscriber using a valid AppleCare provideded certificate, from an IP they have whitelisted.

This tool needs to be installed on just one computer in your organization. The tool is lightweight, and is well suited to run on the same Mac which handles runs AST diagnostics gateway.

Subscribers may look up warranty status for multiple Watchman Monitoring accounts from a single computer/certificate/ip, by creating additional entries in the Warranty Updater tool.

Setting up A GSX User

  • Use an existing Apple ID, or create a new Apple ID at 
    Using the same Appled ID as your AST Server should work fine.
  • Confirm that this AppleID can login to your GSX Account at .
    Note: Two-Factor Authentication is required, and can take up to 3 days to activate.
  • Click Settings at the top. Click Permissions.
  • Confirm "My Privileges" can “Access Web Services”.
GSX Permissions: Can access Web Services


Ensure Web Services is selected Global Service Exchange in the MyAccess account management area.

  1. Log into MyAccess
  2. Go to My Team
  3. Select the User
  4. Select Global Service Exchange
  5. If you do not see Web Services in Access Roles > Optional Privileges, click Update Access and select Web Services.
  6. Locate the confirmation email and approve the change.

AppleCare GSX Certificate Creation

This process assumes that you already have a valid Sold-to account with Apple, and it has been granted access to 

For those who have GSX Access (Authorized Service Providers, Resellers, Self-Servicing accounts, etc) you can follow the certificate creation instructions we published here:

This will step you through the process of creating two key & csr pairs (testing & production) on your computer, and send the .csr files to AppleCare for signing.

AppleCare issues each "Sold-to" one testing and one production certificate. The certificate, and its related key, can be used on any system that Sold-To manages. The systems which use them may be your JSS Server, a Lightspeed On-Site Point of Sale system, PIMs Point of Sale, your own home-brewed system, or in conjunction with a Watchman Monitoring subscription.

Another key point is that in addition to certificate based access, the GSX API can only be accessed from static IP Address(es) which are whitelisted by AppleCare. They will whitelist many IP addresses as you need, but will not work with dynamically assigned addresses from your ISP.

For those who have servers at locations without static IP addresses, we have a number of subscribers who have successfully tunneled their solution's access to the block over a VPN to a static IP Address they do have.

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.