How to get a token vacuum cleaner Xiaomi on Android: all the ways of 2026

Why Xiaomi vacuum cleaner token is so important for Android users

The Xiaomi robot vacuum cleaner access token is a unique digital key that unlocks advanced device management capabilities. Without it, you are limited to the standard functionality of the Mi Home app, whereas with the token you can integrate the vacuum cleaner into smart systems like Home Assistant, Node-RED or even create your own automation scenarios through Python.

Android makes it harder to get this token than iOS because of the Mi Home app and the limitations of the operating system, but that’s why we’ve prepared a detailed guide to current methods for 2026 that work even for newer models of vacuum cleaners (Xiaomi Robot Vacuum S10, Xiaomi Mijia 1T, Dreame Bot Z10 Pro, etc.) In this article, you’ll find not only step-by-step instructions, but also a breakdown of typical bugs, safety tips, and alternative solutions for cases where standard methods don’t work.

Method 1: Receiving a token through HTTP-Proxy (the most reliable method)

This is considered the most versatile method, as it works regardless of the version of the Mi Home application and the vacuum cleaner model, the essence of which is to intercept network traffic between your phone and Xiaomi servers, where the token is transmitted.

  • πŸ“± Android smartphone with root rights or the ability to install a user certificate
  • πŸ’» Computer with Charles Proxy or Fiddler installed
  • πŸ”Œ Xiaomi vacuum cleaner connected to the same Wi-Fi network as the phone
  • πŸ“² Mi Home app (version no older than 6.0.100) to simplify the process)

Step-by-step:

  1. Set up a proxy on your PC: Install Charles Proxy and run it. In the Proxy β†’ Proxy Settings menu, set port 8888 and tick Enable transparent HTTP proxying. Go to Proxy β†’ SSL Proxying β†’ SSL Proxying Settings and add the *.mi.com domain.
  2. Connect Android to a proxy: On your phone, go to Settings β†’ Wi-Fi, click on your network and select Change Network β†’ Additional settings. Set the proxy type Manually, enter your PC's IP and port 8888. Save settings and connect again.
  3. Installation of Certificate: On PC in Charles Proxy, select Help β†’ SSL Proxying β†’ Install Charles Root Certificate on a Mobile Device chls.pro/ssl In your browser and download the certificate. Set the certificate in Settings β†’ Security β†’ Installation from storage (may be required) PIN-code).

Token interception:

  • Open Mi Home, log in and go to the vacuum cleaner management page.
  • In Charles Proxy, enter miio in the filter and you will see API requests.
  • Find a query with a URL containing /miio/miboy (for vacuum cleaners) or /miio/leshi (for some models).
  • The server response will be the line "token": "your token here" - copy it.

β˜‘οΈ Checklist for Proxy Method

Done: 0 / 5

Advantages of the method: it works for all models of vacuum cleaners, including new ones, and does not require unlocking the loader.

What if the token is not displayed in the logs?
If there is no string with a token in the logs, check: 1) Filter correctness (look for "miio" or "miboy"). 2) Mi Home version - in new versions, the token can be transmitted in encrypted form. 3) Connecting a vacuum cleaner - it should be online and linked to your account. 4) Proxy settings - sometimes changing the port to 8080 helps.

Method 2: Using ADB to extract a token (without root)

If you don’t have root rights but have access to ADB (Android Debug Bridge), you can try extracting the token directly from the memory of the Mi Home app.This method is suitable for most Android 8.0 and higher devices, but requires debugging over USB.

You'll need:

  • πŸ“± Android smartphone with enabled debugging USB (Settings β†’ The phone. β†’ Build Number – tap 7 times, then return to Settings β†’ For developers β†’ Debugging by USB)
  • πŸ’» Computer with installed ADB tools (you can download from the official website)
  • πŸ”Œ Cable USB connect phone to PC

Instructions:

1. Connect the phone to the PC and confirm the debugging permission.


2. Open the command line (Windows) or terminal (macOS/Linux) and execute:




adb devices




(Your device should be displayed)




3. Launch Mi Home and log in.




4. execute the command for the application memory dump:




adb shell dumpsys meminfo com.xiaomi.smarthome -d




5.In the output, find the line with "token" - it can be disguised, but usually contains 32 characters.




6. Alternative method (if no token is found):




adb shell "run-as com.xiaomi.smarthome cat /data/data/com.xiaomi.smarthome/shared_prefs/mi_push_sdk.xml"




(Look for <string name="device_token">)

πŸ’‘

If the run-as command doesn’t work, try using adb backup to back up Mi Home data, and then extract the token from the backup.ab file using the abe (android-backup-extractor) tool.

Important: In the newer versions of Mi Home (6.5+), the token can be stored in encrypted form, in which case only the proxy method or specialized utilities like MiTokenExtractor will help.

Method 3: Alternative applications for token extraction

If previous methods seemed too complicated, you can use third-party applications that automate the process of obtaining a token.

AnnexNeed root?Supported modelsReference
Mi Home Token ExtractorNo.All Xiaomi/Dreame vacuum cleanersGoogle Play
Packet CaptureNo, but you do. VPN-regime)Any Mi Home devicesGoogle Play
PCAPdroidNo.All models (requires customization)Google Play
TokenGrabber (informal)Yes.Only the old versions of the Mi Home4PDA

How to use Mi Home Token Extractor:

  1. Install the application and open it.
  2. Click Start Extraction and wait for the Mi Home launch request.
  3. Log in to Mi Home and go to the vacuum cleaner management page.
  4. Return to Token Extractor – the token will appear in the Device Token field.
  5. Copy it and save it in a safe place (e.g. Google Keep or 1Password).
πŸ“Š How did you get the token?
Through HTTP-proxy
With ADB
Through an alternative application
other way

Warning: Some apps on this list may require additional permissions or contain ads. Check reviews and rankings on Google Play before installing.

Method 4: Manually request a token through the Xiaomi API (for advanced)

If you're familiar with the API, you can get the token directly through queries to Xiaomi's servers, which requires knowledge of Python or cURL, but gives you complete control over the process.

Algorithm of action:

  1. Get userId and ssecurity from the Mi Home cookies (can be extracted via Charles Proxy or Fiddler).
  2. Make a request to API: POST /home/rpc/miIO.migiao.service HTTP/1.1 Host: api.io.mi.com Content-Type: application/x-www-form-urlencoded Cookie: userId=YOUR_USERID; serviceToken=YOUR_SSECURITY {"method":"get_device_list","params":[{"getVirtualModel":false,"getHuamiDevices":1,"getSplitDevice":false,"supportSmartHome":true}]}
  3. In the answer, find a block with a "token" for your vacuum cleaner.

You can use Python script for automation:

import requests



url = "https://api.io.mi.com/home/rpc/miIO.migiao.service"




headers = {




"Content-Type": "application/x-www-form-urlencoded",




"Cookie": "userId=YOUR_USERID; serviceToken=YOUR_SSECURITY"




}




data = {




"method": "get_device_list",




"params": [{"getVirtualModel": False, "getHuamiDevices": 1, "getSplitDevice": False, "supportSmartHome": True}]




}





response = requests.post(url, headers=headers, json=data)




print(response.json()) # Look for "token" in the output

πŸ’‘

This method only works if you already have a session in Mi Home, and if you logged out, you will have to repeat the interception of cookies.

Method 5: Receiving a token through Mi Home backup

If you have a backup of Mi Home data (created through adb backup or Android built-in tools), the token can be extracted from it, a method that is suitable for users who have previously made a backup but do not remember the token.

Instructions:

  1. Create a backup of Mi Home: Adb Backup -f mihome_backup.ab com.xiaomi.smarthome
  2. Download android-backup-extractor and unpack mihome_backup.ab: java -jar abe.jar unpack mihome_backup.ab mihome_backup.tar
  3. In the archive, find the file. apps/com.xiaomi.smarthome/sp/mi_push_sdk.xml.
  4. Open it with any text editor and find a line: <string name="device_token">YOUR_TOKEN_HERE</string>

Important: In newer versions of Mi Home, the token can be stored in binary format or encrypted. mi_push_sdk.xml No, try to find a token in the shared_prefs file.

Typical errors and their solutions

When receiving a token, users often face problems, and here are the most common ways to solve them:

  • ❌ The token does not appear in Charles Proxy logs: Check that Mi Home has developer mode enabled (Settings) β†’ About the programme β†’ Firmware version: tap 5 times. Update Charles Proxy to the latest version. Try Fiddler or Wireshark.
  • ❌ ADB Does not see the device: Install drivers for your phone (you can download it from the manufacturer's website). USB In Settings β†’ For developers. Try another. USB-cable (sometimes a problem with damaged cable).
  • ❌ Mi Home Token Extractor app doesn't find the token: Update Mi Home to the latest version. delete the Mi Home cache in Settings β†’ Annexes β†’ Mi Home β†’ Memory. β†’ Clear the cache. Try reinstalling Mi Home.

πŸ’‘

If the token stopped working, it might have been reset after the vacuum cleaner was updated, in which case you'd have to retrieve it.

Security: How to Protect Your Token from Leakage

Xiaomi's vacuum cleaner access token is like a password from your smart home, so if it gets into the wrong hands, attackers can control your device.

⚠️ Warning: Never publish a token in public sources (forums, GitHub, comments) Even if you mask some of the symbols, the token can be restored through the history of changes.

  • πŸ”’ Store the token in a secure place: Use password managers (Bitwarden, 1Password). Do not save the token in normal text files on your phone.
  • πŸ”„ Update the token regularly: If you suspect a leak, reset the token via Mi Home (Device Settings) β†’ Once reset, the token will change and the old one will become invalid.
  • πŸ›‘οΈ Restrict access to the token: Don't transfer the token to third parties, even to set up a smart home.If you hire a specialist to set up a Home Assistant, create a separate Mi Home account with limited rights.

If you use the token in Home Assistant or other automation systems, set up two-factor authentication in your Xiaomi account.This will add an additional layer of protection even in the event of a token leak.

FAQ: Answers to Frequent Questions

Can I get a token without a computer?
Yes, but with limitations. You can use apps like Packet Capture or PCAPdroid right on your phone, but that would require: Set up a user certificate (like the proxy method). Set up a customized user certificate. VPN-You can have root rights for some applications. Without a computer, the easiest way to use Mi Home Token Extractor is to use it, but it doesn't always work with newer versions of Mi Home.
Why is the token 32 characters, and in some instructions mentioned 16?
Early Xiaomi vacuum cleaners (such as Mi Robot Vacuum 1) used 16-character tokens. Modern devices (S10, X10+, Dreame Bot) work with 32-character tokens. If you see a 16-character token, it's most likely: A truncated token (perhaps not fully displayed in the logs), a token from an old vacuum cleaner model. Mistakeable data (check again).
Will the token work after the vacuum cleaner is dumped to the factory settings?
No. When you dump the vacuum cleaner (Hold the reset button for 5 seconds), all the attachments to the Mi Home account are removed and the token becomes invalid. After the reset, you have to: Reconnect the vacuum cleaner to the Mi Home. Get a new token using one of the methods described. If you plan to sell or transfer the vacuum cleaner, be sure to reset so that the new owner does not get access to your account.
Can I use one token for several vacuum cleaners?
No, every Xiaomi vacuum cleaner has a unique token. However, one Mi Home account can manage multiple devices, and you can get a separate token for each of them. If you have two vacuum cleaners, you will need: Get a token for the first device (as described above), switch to the second vacuum cleaner in Mi Home and repeat the process. In Home Assistant or other automation systems, you can add both devices by specifying their individual tokens.
What if Xiaomi blocked my account after trying to get a token?
In rare cases, frequent requests to the API or using a proxy can cause suspicion in the security system Xiaomi, which leads to a temporary locking of the account. To unlock it: Wait 24 hours - usually the lock is removed automatically. Try to restore access through the login page (click Forgot the password?). If the lock is not removed, contact Xiaomi support through the official website. To avoid blocking: Do not send too many requests to the API in a short period of time. Use official methods (for example, Mi Home Token Extractor) instead of self-written scripts.