Why Xiaomi vacuum cleaner token is so important for Android users
The Xiaomi robot vacuum cleaner access token is a unique digital key that unlocks advanced device management capabilities. Without it, you are limited to the standard functionality of the Mi Home app, whereas with the token you can integrate the vacuum cleaner into smart systems like Home Assistant, Node-RED or even create your own automation scenarios through Python.
Android makes it harder to get this token than iOS because of the Mi Home app and the limitations of the operating system, but thatβs why weβve prepared a detailed guide to current methods for 2026 that work even for newer models of vacuum cleaners (Xiaomi Robot Vacuum S10, Xiaomi Mijia 1T, Dreame Bot Z10 Pro, etc.) In this article, youβll find not only step-by-step instructions, but also a breakdown of typical bugs, safety tips, and alternative solutions for cases where standard methods donβt work.
Method 1: Receiving a token through HTTP-Proxy (the most reliable method)
This is considered the most versatile method, as it works regardless of the version of the Mi Home application and the vacuum cleaner model, the essence of which is to intercept network traffic between your phone and Xiaomi servers, where the token is transmitted.
- π± Android smartphone with root rights or the ability to install a user certificate
- π» Computer with Charles Proxy or Fiddler installed
- π Xiaomi vacuum cleaner connected to the same Wi-Fi network as the phone
- π² Mi Home app (version no older than 6.0.100) to simplify the process)
Step-by-step:
- Set up a proxy on your PC: Install Charles Proxy and run it. In the Proxy β Proxy Settings menu, set port 8888 and tick Enable transparent HTTP proxying. Go to Proxy β SSL Proxying β SSL Proxying Settings and add the *.mi.com domain.
- Connect Android to a proxy: On your phone, go to Settings β Wi-Fi, click on your network and select Change Network β Additional settings. Set the proxy type Manually, enter your PC's IP and port 8888. Save settings and connect again.
- Installation of Certificate: On PC in Charles Proxy, select Help β SSL Proxying β Install Charles Root Certificate on a Mobile Device chls.pro/ssl In your browser and download the certificate. Set the certificate in Settings β Security β Installation from storage (may be required) PIN-code).
Token interception:
- Open Mi Home, log in and go to the vacuum cleaner management page.
- In Charles Proxy, enter miio in the filter and you will see API requests.
- Find a query with a URL containing /miio/miboy (for vacuum cleaners) or /miio/leshi (for some models).
- The server response will be the line "token": "your token here" - copy it.
βοΈ Checklist for Proxy Method
Advantages of the method: it works for all models of vacuum cleaners, including new ones, and does not require unlocking the loader.
What if the token is not displayed in the logs?
Method 2: Using ADB to extract a token (without root)
If you donβt have root rights but have access to ADB (Android Debug Bridge), you can try extracting the token directly from the memory of the Mi Home app.This method is suitable for most Android 8.0 and higher devices, but requires debugging over USB.
You'll need:
- π± Android smartphone with enabled debugging USB (Settings β The phone. β Build Number β tap 7 times, then return to Settings β For developers β Debugging by USB)
- π» Computer with installed ADB tools (you can download from the official website)
- π Cable USB connect phone to PC
Instructions:
1. Connect the phone to the PC and confirm the debugging permission.
2. Open the command line (Windows) or terminal (macOS/Linux) and execute:
adb devices
(Your device should be displayed)
3. Launch Mi Home and log in.
4. execute the command for the application memory dump:
adb shell dumpsys meminfo com.xiaomi.smarthome -d
5.In the output, find the line with "token" - it can be disguised, but usually contains 32 characters.
6. Alternative method (if no token is found):
adb shell "run-as com.xiaomi.smarthome cat /data/data/com.xiaomi.smarthome/shared_prefs/mi_push_sdk.xml"
(Look for <string name="device_token">)π‘
If the run-as command doesnβt work, try using adb backup to back up Mi Home data, and then extract the token from the backup.ab file using the abe (android-backup-extractor) tool.
Important: In the newer versions of Mi Home (6.5+), the token can be stored in encrypted form, in which case only the proxy method or specialized utilities like MiTokenExtractor will help.
Method 3: Alternative applications for token extraction
If previous methods seemed too complicated, you can use third-party applications that automate the process of obtaining a token.
| Annex | Need root? | Supported models | Reference |
|---|---|---|---|
| Mi Home Token Extractor | No. | All Xiaomi/Dreame vacuum cleaners | Google Play |
| Packet Capture | No, but you do. VPN-regime) | Any Mi Home devices | Google Play |
| PCAPdroid | No. | All models (requires customization) | Google Play |
| TokenGrabber (informal) | Yes. | Only the old versions of the Mi Home | 4PDA |
How to use Mi Home Token Extractor:
- Install the application and open it.
- Click Start Extraction and wait for the Mi Home launch request.
- Log in to Mi Home and go to the vacuum cleaner management page.
- Return to Token Extractor β the token will appear in the Device Token field.
- Copy it and save it in a safe place (e.g. Google Keep or 1Password).
Warning: Some apps on this list may require additional permissions or contain ads. Check reviews and rankings on Google Play before installing.
Method 4: Manually request a token through the Xiaomi API (for advanced)
If you're familiar with the API, you can get the token directly through queries to Xiaomi's servers, which requires knowledge of Python or cURL, but gives you complete control over the process.
Algorithm of action:
- Get userId and ssecurity from the Mi Home cookies (can be extracted via Charles Proxy or Fiddler).
- Make a request to API: POST /home/rpc/miIO.migiao.service HTTP/1.1 Host: api.io.mi.com Content-Type: application/x-www-form-urlencoded Cookie: userId=YOUR_USERID; serviceToken=YOUR_SSECURITY {"method":"get_device_list","params":[{"getVirtualModel":false,"getHuamiDevices":1,"getSplitDevice":false,"supportSmartHome":true}]}
- In the answer, find a block with a "token" for your vacuum cleaner.
You can use Python script for automation:
import requests
url = "https://api.io.mi.com/home/rpc/miIO.migiao.service"
headers = {
"Content-Type": "application/x-www-form-urlencoded",
"Cookie": "userId=YOUR_USERID; serviceToken=YOUR_SSECURITY"
}
data = {
"method": "get_device_list",
"params": [{"getVirtualModel": False, "getHuamiDevices": 1, "getSplitDevice": False, "supportSmartHome": True}]
}
response = requests.post(url, headers=headers, json=data)
print(response.json()) # Look for "token" in the outputπ‘
This method only works if you already have a session in Mi Home, and if you logged out, you will have to repeat the interception of cookies.
Method 5: Receiving a token through Mi Home backup
If you have a backup of Mi Home data (created through adb backup or Android built-in tools), the token can be extracted from it, a method that is suitable for users who have previously made a backup but do not remember the token.
Instructions:
- Create a backup of Mi Home: Adb Backup -f mihome_backup.ab com.xiaomi.smarthome
- Download android-backup-extractor and unpack mihome_backup.ab: java -jar abe.jar unpack mihome_backup.ab mihome_backup.tar
- In the archive, find the file. apps/com.xiaomi.smarthome/sp/mi_push_sdk.xml.
- Open it with any text editor and find a line: <string name="device_token">YOUR_TOKEN_HERE</string>
Important: In newer versions of Mi Home, the token can be stored in binary format or encrypted. mi_push_sdk.xml No, try to find a token in the shared_prefs file.
Typical errors and their solutions
When receiving a token, users often face problems, and here are the most common ways to solve them:
- β The token does not appear in Charles Proxy logs: Check that Mi Home has developer mode enabled (Settings) β About the programme β Firmware version: tap 5 times. Update Charles Proxy to the latest version. Try Fiddler or Wireshark.
- β ADB Does not see the device: Install drivers for your phone (you can download it from the manufacturer's website). USB In Settings β For developers. Try another. USB-cable (sometimes a problem with damaged cable).
- β Mi Home Token Extractor app doesn't find the token: Update Mi Home to the latest version. delete the Mi Home cache in Settings β Annexes β Mi Home β Memory. β Clear the cache. Try reinstalling Mi Home.
π‘
If the token stopped working, it might have been reset after the vacuum cleaner was updated, in which case you'd have to retrieve it.
Security: How to Protect Your Token from Leakage
Xiaomi's vacuum cleaner access token is like a password from your smart home, so if it gets into the wrong hands, attackers can control your device.
β οΈ Warning: Never publish a token in public sources (forums, GitHub, comments) Even if you mask some of the symbols, the token can be restored through the history of changes.
- π Store the token in a secure place: Use password managers (Bitwarden, 1Password). Do not save the token in normal text files on your phone.
- π Update the token regularly: If you suspect a leak, reset the token via Mi Home (Device Settings) β Once reset, the token will change and the old one will become invalid.
- π‘οΈ Restrict access to the token: Don't transfer the token to third parties, even to set up a smart home.If you hire a specialist to set up a Home Assistant, create a separate Mi Home account with limited rights.
If you use the token in Home Assistant or other automation systems, set up two-factor authentication in your Xiaomi account.This will add an additional layer of protection even in the event of a token leak.