Token and address of the robot vacuum cleaner Xiaomi: where to get and how to use

Why the token and IP-Xiaomi robot vacuum address is so important

Xiaomi’s robot vacuum cleaners (Mi Robot Vacuum, Viomi, Dreame series) work through the company’s cloud, but advanced management – integration with Home Assistant, Node-RED or third-party applications like Valetudo – requires a local token and a new one. IP-You can't do it without them:

- Manage the vacuum cleaner without the Internet (for example, through a local network).

Set up automation on schedule without depending on Xiaomi servers.

Use alternative firmware or custom scripts for advanced functions (zoning, virtual walls, manual commands).

The manufacturer doesn't advertise this data, but it can be obtained legally, without hacking or violating the license agreement, and then we'll look at all the current methods for different models and operating systems.

πŸ“Š What model of Xiaomi robot vacuum cleaner you use?
Mi Robot Vacuum (1S/2/3C, etc.)
Viomi V2/V3
Dreame D9/F9
Another model

Method 1: Receiving a token through Mi Home (official application)

The easiest method is to extract the token from the traffic of the official Mi Home app. It runs on Android (root or root required). MITM-proxy) and iOS (jailbreak only or through a computer).

For Android (without root)

If you do not have a superuser, use it. HTTP-traffic-analyzer:

  1. Install the Packet Capture app or HTTP Toolkit from Google Play.
  2. Start capturing traffic and open Mi Home.
  3. Go to the robot vacuum cleaner settings and wait for the data to synchronize.
  4. In the logs, find a request to the domain api.io.mi.com - the token will be in the "ssecurity" parameter.

Attention! The token in traffic is transmitted in the open, but it can only be used for local management (via the Internet). LAN). For the cloud. API Additional authorization will be required.

For iOS (with a computer)

On an iPhone without jailbreak, the token can be intercepted through MITM-proxy:

  • πŸ–₯️ Install Charles Proxy or Fiddler on PC/Mac.
  • πŸ“± Configure a proxy server on iPhone (in Settings) β†’ Wi-Fi β†’ Set up a proxy).
  • πŸ” Start capturing traffic and open Mi Home, wait for the status update vacuum cleaner.
  • πŸ”‘ Look in the logs. JSON The token field is the key you need.

πŸ’‘

If the token is not displayed, try disabling SSL encryption in the proxy settings or use mitmproxy with a certificate.

Method 2: Removing a token from a Mi Home backup

This method works on Android and does not require root rights, but you need a backup of your Mi Home settings.

  1. Open Mi Home, go to Profile β†’ Settings β†’ Backup.
  2. Create an archive and save it to your device (the file will be with the.mi extension).
  3. Download the utility mihome-decrypt (Python) and unpack the archive:
python mihome-decrypt.py -d backup.mi

In the file received devices.json Find the section with your vacuum cleaner – there will be fields β€œtoken” and β€œlocalIP" (IP-local-network address).

Warning: Mi Home backups are encrypted with a key attached to your account, and if you changed your password after you created the backup, the decryption may not work.

Make sure the backup is created after the last vacuum cleaner added to Mi Home|

Download the latest version of Python (3.8+)|

Check that the backup.mi file is not corrupted (size > 100 KB) |

Disable two-factor authentication in your Xiaomi account (can block access)

-->

Method 3: Using scripts for Windows/Linux/Mac

For users who prefer to work on PC, there are ready-made solutions:

MethodOSRequirementsReference
mirobo.pyWindows/Linux/MacPython 3.6+, python-miioGitHub
TokenExtractorWindows.NET Framework 4.5GitHub
Home Assistant (Integration)Anybody.Installed Home AssistantDocumentation.

Example of working with mirobo.py:

pip install python-miio


mirobo discover




mirobo info --ip 192.168.1.100 --token YOUR_TOKEN_HERE

Attention! If the vacuum cleaner is connected to a 5GHz network, some scripts may not detect it. Switch to 2.4GHz or point IP-manual.

What to do if the script does not find the vacuum cleaner?
1. Check that the device and computer are on the same network. 2. Turn off the firewall/antivirus – they can block UDP-packet. 3. Use the arp command. -a (Windows or nmap -sn 192.168.1.0/24 (Linux/Mac) search IP-vacuum-dress. 4. Make sure the vacuum cleaner is not sleeping in Mi Home (click "Awake" in the app).

Method 4: Manual receipt IP-vacuum-dress

Token is half the story. Local management also needs to be about IP-The address of the device on your network. There are 4 ways to find it:

  • πŸ“± Through Mi Home: Device settings β†’ General. β†’ Network (not for all models).
  • πŸ–₯️ Through router: Go to the web interface (usually 192.168.1.1) and find a device called roborock or miio.
  • 🐧 Through the terminal (Linux/Mac): ping roborock-vacuum.local or avahi-browse -r _miio._udp.
  • πŸ” Through the network scanner: Fing (mobile) or Advanced applications IP Scanner (PC).

IP-The vacuum cleaner address may change when you restart the router if you do not have a binding set up on the router. MAC. To secure the address:

  1. Find it. MAC-vacuum address in router settings.
  2. In the router administrator panel, add static DHCP lease for this MAC.

πŸ’‘

If the vacuum cleaner does not respond by IP, check if the router blocks it (turn off Customer Isolation or Guest Network).

Method 5: Alternative methods (for advanced users)

If the standard methods do not work, try:

1.Through ADB (Android)

If you have root access, you can extract the token from the Mi Home database:

adb shell


su




cd /data/data/com.xiaomi.smarthome/databases




sqlite3 mihome.db




SELECT token FROM devices WHERE model LIKE '%roborock%';

2. via iTunes Backup (iOS)

On the iPhone, the token is stored in iTunes backup. Use iMazing or iExplorer utility to extract the mihome.sqlite file from the backup.

Some services offer to β€œpull” the token through a Xiaomi account, but this violates privacy policy and may result in the device being blocked.

πŸ’‘

For Dreame models (e.g., D9), the token can be obtained through the Dreamehome app in a similar way – by intercepting traffic to the api.dreame.home domain.

How to check the health of the token and IP

Before using the token on third-party systems (such as Home Assistant), check its validity:

  1. Set the python-miio:
pip install python-miio
  1. Run a command to check the connection:
mirobo info --ip 192.168.1.100 --token YOUR_TOKEN_HERE

If the team returns the vacuum cleaner data (battery charge, status, model), the token and IP are correct.

  • πŸ”„ Token is outdated (reconnect the vacuum cleaner to Mi Home and get a new one).
  • 🌐 IP-Changed address (find current via router).
  • πŸ”’ The device is tied to another region (check the server in Mi Home).

Frequent mistakes and their solutions

When working with tokens and IP-Users are faced with typical problems:

Mistake.Reason.Decision
DeviceException: Unable to discover the deviceThe vacuum cleaner is not on the network or blocked by the routerCheck Wi-Fi connection, turn off firewall on router
Invalid tokenToken is false or obsoleteGet a new token (see Method 1 or 2)
Vacuum cleaner not responding to commandsIP-addressSecure your IP via DHCP or find a new one
Not a roborock vacuumThe wrong model in the scriptSpecify the correct --model (e.g. roborock.vacuum.a1)

If you use Home Assistant, make sure the configuration is correct. device_id. It can be found in Mi Home (in the address bar when you open the device) or through the command:

mirobo info --ip YOUR_IP --token YOUR_TOKEN | grep "Device ID"
Can I use one token for several vacuum cleaners?
No, every Xiaomi robot vacuum cleaner has a unique token, it's tied to a specific device and Mi Home account, and if you have multiple vacuum cleaners, you need to get a token for each one separately.
What happens if the token falls into the wrong hands?
The token allows you to control the vacuum cleaner only on the local network, and an attacker cannot remotely connect to your device without accessing your Wi-Fi: πŸ”„ Start/stop cleaning. πŸ“ Get a room map (if the model supports card retention). πŸ”‹ To recall the token, remove the vacuum cleaner from the Mi Home and add it again.
Does this method work for Dreame and Viomi vacuum cleaners?
Yes, but with reservations: Dreame: use the Dreamehome app and intercept traffic to api.dreame.home. Viomi: the token is extracted similarly to Xiaomi, but the model in the scripts is indicated as viomi.vacuum.v6 (or your version). Viomi V2/V3 may require additional authorization via miot-spec.
How often should the token be updated?
The token has no expiration date and is valid as long as: πŸ”„ You haven't removed the vacuum cleaner from Mi Home. πŸ”’ Has not changed the password from the Xiaomi account. πŸ“± The phone settings were not reset (if the token was extracted from the backup). If the token stopped working, just reconnect the vacuum cleaner in the application - the new key is generated automatically.
Can you control a vacuum cleaner without a token?
Yes, but with limitations: βœ… Mi Home (complete functionality but cloud-dependent). βœ… Physical buttons on the body (start/stop, return to base). ❌ You can't integrate with Home Assistant, Node-RED, or use custom firmware. API token is mandatory.