Reply to Not able to remove Activation Lock through MDM
Synopsis

We are having exactly the same problem as the original poster here. I talked with Apple Support and they recommended I post in this forum to try to get input from others who may have encountered the same issue and maybe can explain what we are doing wrong.

We are an MDM vendor and provide an MDM management solution to enterprise customers. While Apple Business Manager does provide a control to disable Activation Lock on a specific device, and that DOES work, we need to be able to do this through an API, as our customers’ help desk personnel will likely not have Device Enrollment Manager roles in Apple Business Manager to remove the lock through the Apple Business Manager API.

We are following the instructions at https://developer.apple.com/documentation/devicemanagement/activation-lock-devices

We have enrolled our device through Automated Device Enrollment and the device is properly represented in Apple Business Manager. We were able to successfully enable the activation lock by using the API https://mdmenrollment.apple.com/device/activationlock. When we try to unlock the API using the https://deviceservices-external.apple.com/deviceservicesworkers/escrowKeyUnlock API we are getting an Escrow key mismatch error.

The serial number below has been obfuscated; we used the actual device serial number in these APIs.
Lock API

POST https://mdmenrollment.apple.com/device/activationlock

Request

```
{
  "escrow_key": "J0QLT-5C32E-WTP5-R0QR-QPV0-07C6",
  "device": "M**7YKF***",
  "lost_message": "Activation Lock Enabled"
}
```

Response

```
{
  "serial_number": "M**7YKF***",
  "response_status": "SUCCESS"
}
```

Unlock API

Request

```
curl --location 'https://deviceservices-external.apple.com/deviceservicesworkers/escrowKeyUnlock' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'productType=iPad13,18' \
  --data-urlencode 'serial=M**7YKF***' \
  --data-urlencode 'escrowKey=J0QLT-5C32E-WTP5-R0QR-QPV0-07C6' \
  --data-urlencode 'orgName=HCL' \
  --data-urlencode 'guid=00008101-001C2DDC36A2601E'
```

Response

```
<?xml version="1.0" encoding="UTF-8"?>
<ns:escrowKeyDeviceServicesResponse version="1" xmlns:ns="http://www.apple.com/cds/mdmescrowKeyDeviceServices/xml">
  <error code="1002" message="Escrow key mismatch"/>
</ns:escrowKeyDeviceServicesResponse>
```

Note: We have tried this with both the device-generated bypass code as well as our MDM-generated bypass code and both fail the same way.

The sequence we used is:

1. Wipe iPad
2. On restart, the device gets DEP enrolled.
3. Retrieve device bypass code with curl
4. Enable activation lock using curl and supplying the generated escrow code
5. Try to unlock using the original device bypass code (fails)
6. Try to unlock using pushed bypass code (fails)

Can anyone see what we are doing wrong with the curl request, or please let us know if anyone has successfully managed to use these APIs to disable Activation Lock for an Apple device?

Has anyone managed to remove the lock on either an iPhone which has a SIM or from an iPhone that can only use WiFi?

We are also supplying the APNS certificate for authorization as part of the curl request.
Jul ’25