The Xiaomi Vacuum Mop robot vacuum token is a unique digital key that allows access to advanced device management through third-party applications, scripts or smart home systems. Without it, it is impossible to integrate the vacuum cleaner with Home Assistant, Node-RED or other platforms, or use informal firmware or automation. The problem is that Xiaomi does not provide the token openly: it needs to be extracted independently, and here users face a lot of pitfalls โ from changing authentication protocols to blocking accounts for โsuspicious activity.โ
In this article, we will discuss 5 working ways to obtain a token for all Xiaomi Vacuum Mop models (including S5/S6/S7, P10, X10+ and others) relevant for 2026. We will pay special attention to bypassing the new Xiaomi restrictions that were introduced after the MiIo 2.0 protocol update in 2023. You will learn how to avoid Invalid token or Device not found errors, and what to do if the token suddenly stopped working after updating the vacuum cleaner firmware.
1.Official method: extraction of the token through Mi Home (Android)
The most reliable method is to get the token directly from the official Mi Home app, but it requires an Android device with root rights or the use of specialized tools. Xiaomi actively blocks such actions, so we apply a workaround.
You'll need:
- ๐ฑ Smartphone on Android 8.0+ (without MIUI โ Better pure Android or LineageOS)
- ๐ง Kiwi Browser app (with extension support)
- ๐ MiTokenExtractor extension (installed in Kiwi Browser)
- ๐ Login and password from the account Mi Account, which is tied to the vacuum cleaner
Step-by-step:
- Install Kiwi Browser and add the MiTokenExtractor extension to it via the extension menu (chrome://extensions).
- Sign in to Mi Home on this device and make sure the vacuum cleaner is displayed in the list of devices.
- Open the Kiwi Browser page https://account.xiaomi.com/ and log in to your account.
- In the MiTokenExtractor extension panel, click Start Sniffing and return to Mi Home.
- Open the vacuum cleaner card and perform any action (e.g., start cleaning) the token will appear in the expansion logs.
โ ๏ธ Attention: If you are using MIUI, It can block traffic interception, so try the airplane mode with Wi-Fi on, or use the second method.
Install Kiwi Browser|Add the extension MiTokenExtractor|Authorize in Mi Home|Run sniffing in extension|Play the action with a vacuum cleaner-->
2. Alternative method: through Python script (without root)
If you don't have root rights, but you have access to a computer, you can use a Python script that emulates authorization to Mi Account and extracts a token, which works even on iOS, but requires minimal terminal skills.
Instructions:
- Install Python 3.8+ and the Miio: Pip install python-miio library
- Download the script get_miio_token.py (Updated for MiIo 2.0).
- Open the script and enter the username / password from Mi Account: python get_miio_token.py
- The script will display a list of devices with their tokens. Find a row with a model of the vacuum cleaner (for example, roborock.vacuum.a10).
Advantages of the method:
- ๐น It works without root and on any device.
- ๐น Supports new Xiaomi protocols
- ๐น It can be automated (for example, to obtain tokens of several devices)
โ ๏ธ Note: Xiaomi can block an account for โsuspicious activityโ if you use this method frequently, we recommend that you enable two-factor authentication and use the method no more than 1 time per month.
๐ก
If the script gives an error, try changing the region of your Mi Home account to Singapore or Germany, which bypasses some restrictions.
3. Token extraction via Home Assistant (for experienced)
If you already use Home Assistant, the token can be obtained directly through Xiaomi Miio integration, which is suitable for users who already have a vacuum cleaner connected to the system, but the token is unknown.
Algorithm of action:
- Open the configuration file configuration.yaml and add: vacuum: - platform: xiaomi_miio host: 192.168.1.100 # IP your token vacuum cleaner: YOUR_TOKEN # leave empty
- Reboot Home Assistant.
- In the logs (Developer Tools โ Logs) find the error string containing the token (example: Failed to connect to vacuum with token: 1234567890abcdef1234567890abcdef).
This method works because Home Assistant, when a connection error is made, displays the token in the log. After receiving the data, remember to delete the token string from the configuration to avoid leaks.
Why Home Assistant shows the token in the logs?
4. Obtaining a token through Mi Home (iOS) using MITM-proxy
For iPhone or iPad owners, the process is complicated by the closedness of iOS, but you can get around the restrictions by intercepting traffic through a proxy server.
Instructions:
- ๐ฅ Install Charles Proxy on PC and set it up to intercept HTTPS-traffic (include) SSL Proxying for domain api.io.mi.com).
- ๐ฑ On iPhone, connect to the same network as your PC and set up a proxy in Settings โ Wi-Fi โ (your network) โ Set up a proxy โ Manually (specify) IP PC and port 8888).
- ๐ Install Charles Certificate on iPhone (instructions on the developerโs website).
- ๐ฑ Open Mi Home, log in and perform any action with a vacuum cleaner.
- ๐ฅ In Charles Proxy, find a request for /home/device_list โ will be the token.
The complexity of the method:
- โ ๏ธ Requires proxies and certificates skills
- โ ๏ธ Xiaomi may block an account if intercepted
- โ ๏ธ On iOS 15+ You need to disable the certificate check in the application settings (if available)
Through Mi Home (Android)|Python-script|Home Assistant|MITM-proxy (iOS)|Another way.-->
5. Buying a token: risks and alternatives
On the Internet, you can find offers for the sale of tokens for Xiaomi Vacuum Mop - from 50 to 500 rubles.
| Risk | Effects of consequences | How to avoid |
|---|---|---|
| Account data breach | The seller can access your Mi Account and other devices | Use a temporary account only for the vacuum cleaner |
| An invalid token | The token may be withdrawn or owned by another device | Check the token through miio inspect before payment |
| Locking the device | Xiaomi may block vacuum cleaner for โillegalโ use | Do not use tokens from dubious sources |
An alternative to buying is to exchange tokens in communities (for example, on the 4PDA forum or in Telegram chats on Home Assistant), where tokens are often shared for free, but check their relevance!
6. Frequent errors and their solutions
When dealing with tokens, users face typical problems.
Mistake: Invalid token
- ๐ธ Token is outdated (valid for 1 year or until the password change in Mi Account)
- ๐ธ The device is tied to another region (check in Mi Home)
- ๐ธ Vacuum cleaner updated the firmware and changed the protocol (need token for MiIo 2.0)
Error: Device not found
- ๐ธ Wrong. IP-vacuum cleaner address (check in router or via nmap)
- ๐ธ Vacuum cleaner in sleep mode (wake it with a button on the case)
- ๐ธ Local Access Lock in Mi Home Settings (Disable Local Network Permission)
Error: Unauthorized when authorizing
- ๐ธ Two-factor authentication enabled (should be temporarily disabled)
- ๐ธ Account blocked for โsuspicious activityโ (email in support of Xiaomi)
- ๐ธ Used. VPN or proxy (turn off and try again)
๐ก
If the vacuum cleaner has stopped responding to commands with the token, check it first. IP-Xiaomi frequently changes local addresses IP post-firmware update.