How to find out the token of the vacuum cleaner Xiaomi on the iPhone

Owners of robotic cleaners from Xiaomi and Roborock often face the desire to expand the functionality of their devices. The standard Mi Home application offers a basic set of functions, but for full integration into the Smart Home system through Home Assistant or HomeKit, a unique identifier is required. This secret key, or token, allows third-party programs to control your vacuum cleaner directly, bypassing the restrictions of official software.

Getting this key on iOS devices has long been considered a complex procedure that requires jailbreaking or complex server configuration. However, modern methods allow you to extract the necessary information using only the regular capabilities of the iPhone and specialized utilities. In this article, we will discuss in detail the current methods that work in 2026.

It's important to understand that a token is not just an account password, it's a 16-digit hexadecimal key that's tied specifically to your device within your account, and without it, you can't have local management of your gadget, which is critical to creating automations that don't depend on the manufacturer's cloud servers. Let's figure out how to mine this valuable parameter.

Why do we need a token and where does it apply?

Many users underestimate the importance of this parameter until they face the limitations of the ecosystem. The official Mi Home app runs through the cloud, which creates delays and Internet dependency. The local protocol, which is activated using a token, allows you to control the vacuum cleaner instantly even if the external communication channel is turned off. This is especially important for scenarios where high system response speed is required.

The main application is the Home Assistant platform, where the potential for smart cleaning is unlocked, where you can run a cleanup schedule that doesn't depend on Xiaomi servers, get advanced filter status notifications, and even build cleaning maps in interfaces other than your native ones, and without the token, integration is simply impossible.

In addition, the presence of the token opens up access to hidden features that developers have not brought to the main interface, such as adjusting the suction power in 1% increments, controlling the side brush separately from the main one, or obtaining detailed statistics by zone, which is a necessary step for enthusiasts to fully customize the device.

โš ๏ธ Warning: Never give your token to anyone else, knowing this key and yours IP-Address, an attacker could theoretically gain full control of a device on your local network.

Itโ€™s worth noting that the procedure for obtaining a token on an iPhone is different from the one on Android. While a green robot can use emulators and traffic sniffers on the phone itself, Appleโ€™s ecosystem has a tougher security policy, but there are proven methods that allow you to circumvent these restrictions without losing warranty.

โš ๏ธ Before you start any manipulation, make sure your vacuum cleaner and iPhone are connected to the same Wi-Fi network. Different subnets (guest network or customer isolation) can make the device invisible to search tools.

Preparing iPhone and Networks Before Removal

The success of the operation depends on 90% of the correct preparation of the environment. Unlike PCs, mobile devices have restrictions on access to network interfaces. So the first step is to ensure a stable connection. Make sure that your router distributes the network at 2.4 GHz, since most models of vacuum cleaners do not support the 5 GHz standard.

The second important point is the operating system version. Some methods will require an up-to-date version of iOS to keep the required certificates and profiles running, and it is also recommended to free up space in the phone's memory, as the process may require the installation of temporary utilities to analyze traffic.

Here is a checklist to help you prepare for the procedure:

  • ๐Ÿ“ฑ Make sure that the Mi Home app is installed and you are logged in to the account to which the vacuum cleaner is linked.
  • ๐Ÿ“ถ Check that the iPhone and robot vacuum cleaner are on the same local network (the same). SSID).
  • ๐Ÿ”‹ Charge the vacuum cleaner to at least 20% so that it does not go into sleep mode during the search process.
  • ๐Ÿ“ Prepare a notebook or notebook app to write down a 16-digit key right away.

โ˜‘๏ธ Preparation for the extraction of the token

Done: 0 / 4

Particular attention should be paid to privacy settings. In recent versions of iOS, the system may ask permission to search devices on the local network for new applications, but you must give consent, otherwise the assistant program will not be able to โ€œseeโ€ your smart home.

Method 1: Use Home Assistant and Xiaomi Cloud Token Extractor

The most reliable and versatile method to date is to use a Home Assistant bundle and a special script to extract tokens, which requires no jailbreak and works through a cloud API to simulate authorization request. You don't have to be a programmer to do these things, just follow the instructions.

The essence of the method is that we use the official Xiaomi server to generate the token, but intercept the response using a special tool. Since the request is on your behalf, the server willingly gives away all the necessary keys. This is safe, since you do not transfer your data to third parties, but use open API gateways.

To implement this method on the iPhone, the most convenient way to use the web version of the utility or run a local server, if you have the opportunity. However, there is a simplified option through online generators that run in the Safari browser. You will need to enter the username and password from your Mi Account.

Is it safe to enter a password into third-party services?
Entering data into trusted open-source utilities (such as GitHub) is considered conditionally secure because the code is open to verification. However, if you are paranoid about security, it is better to use the traffic sniffer method (Method 2), which does not require you to enter a password anywhere.

The process is as follows:

  1. Open the Safari browser on your iPhone.
  2. Go to the site of a proven token generator (e.g., a miio project or similar open-source solutions).
  3. Enter your Mi Account (server region is important!)
  4. Get a list of all devices and their tokens in text format.

The key here is to choose the right server region: If you registered for an account in Russia, but when you logged in to the application, you chose China, the token will not be received.

โš ๏ธ Note: After successful receipt of the token, it is strongly recommended to change the password from the Mi Account.This is a standard digital hygiene procedure after using any third-party authorization tools.

Method 2: Sniffing traffic through Proxy (for advanced)

If you donโ€™t trust cloud methods or they stopped working because of changes in Xiaomiโ€™s security policy, youโ€™ll still have a network traffic analysis option, which is harder to do on iPhone than on Android, but itโ€™s possible, and youโ€™ll need to set up a root certificate profile and use a packet-sniffing app like Stream or HTTP Catcher.

The principle is that the iPhone becomes a proxy between the Mi Home app and the server, and all requests are encrypted, but the certificate we installed allows you to decrypt their contents, and when the application is authorized, the traffic will contain the desired token.

Instructions for setting up the sniffer:

  • ๐Ÿ“ฅ Download the sniffer app from the App Store (many are paid or have a trial period).
  • ๐Ÿ“œ Install and activate the root certificate in your iPhone settings (Settings) โ†’ Mainstream โ†’ About this device. โ†’ Certificates).
  • ๐ŸŒ Turn it on. VPN-profile created by the application.
  • ๐Ÿ”„ Open Mi Home and wait for the device list to be updated.
  • ๐Ÿ” In the sniffer logs, find a request to API Xiaomi and look for the Token option.

This is a method that requires care. There are thousands of packets in the data stream, and you need to be able to filter the extra packets. Look for queries that contain your vacuum cleaner's Device ID. The token usually comes in a JSON server response.

๐Ÿ’ก

Use a filter for the keyword โ€œmiotโ€ or โ€œdeviceโ€ in the sniffer app to instantly cut off ad traffic and unnecessary iOS background processes.

It is worth noting that Xiaomi is actively fighting against such methods, introducing protection against the use of anti-malware. SSL-So this may not work on the newest versions of the Mi Home app, so try rolling back the app to an older version if you have the option, or use the Android emulator on your PC as a middle ground.

Comparison of methods of obtaining a token

To make it easier for you to choose the right option, we have a comparative table that will help you assess the risks and complexity of each method, and for most users, the first way to do this is to use a cloud extractor, because it's the least labor-intensive.

ParameterCloud extractorTraffic Sniffing (Proxy)Android emulator on PC
DifficultyLow.Tall.Medium
I need a PC.No.No.Yes.
SecurityMedium (password input)High (locally)Tall.
StabilityDepends on the servers.Depends on the software version.Tall.

As you can see from the table, each method has its pros and cons. If you value time, choose the first option. If you are critical to maximum security and you do not want to shine a password, you will have to tinker with a sniffer or find a computer.

In rare cases, when a device is reset or a router resets, the key can change, so a copy of a token stored somewhere in the cloud or notebook is a good practice for any smart home owner.

๐Ÿ“Š What method of obtaining the token you used?
Cloud extractor
Sniffing on iPhone
PC emulator
I haven't tried it yet.

Integration of the token into Home Assistant and other systems

Once you've successfully mined the cherished character combination, it's time to implement it, and the most popular platform for this is Home Assistant, which lets you combine Xiaomi vacuum cleaners with other brands, creating complex scenarios, like starting a cleanup when everyone's gone, or stopping a robot when the door is open.

To add the device to Home Assistant, Xiaomi Miio integration is used. IP-The address of the vacuum cleaner (it can be found in the router or in the Mi Home application in the device settings) and the token itself.

What integration brings:

  • ๐Ÿงน Starting a voice cleaning service via Siri (over the HomeKit Bridge).
  • ๐Ÿ—บ๏ธ Displaying a cleaning map in real time.
  • ๐Ÿ“Š Detailed statistics and graphs in the interface HA.
  • ๐Ÿ”Œ Charging control (for some models).

๐Ÿ’ก

The token is the bridge between the manufacturer's closed ecosystem and the open world of automation, and once you get it, you become the owner of the device.

Do not forget that for local management IP-The vacuum cleaner address should be static. Set up a router to reserve the address to MAC-address of the device so that after restarting the router automation does not stop working due to a change IP.

Frequent problems and ways to solve them

The process of obtaining a token does not always go smoothly; users may experience authorization errors, connection timeouts or empty lists of devices, most often the problem lies in the wrong server or lock on the part of the provider.

If the extractor writes "Invalid credentials," check if you have two-factor authorization enabled (though this is rare for Mi Account) and if the region is correctly selected. "No devices found" error usually means that the account is empty or the devices are tied to a different ID.

In case of connection problems, try the following:

  1. Turn off mobile internet (LTE/5G) on your iPhone, leaving only Wi-Fi.
  2. Reboot the router and vacuum cleaner.
  3. Try to perform the procedure at other times of the day when the load on Xiaomi servers is lower.
  4. Make sure that the password from the account does not have special characters that can be incorrectly processed by the script.

Also, some newer vacuum cleaners use an updated encryption protocol, which may not be the case for older vacuum cleaners, and itโ€™s worth keeping an eye out for updates on Home Assistantโ€™s developer forums, where the community is quick to find new workarounds.

What to do if the token is not suitable?
Make sure you donโ€™t confuse Token with Token. MAC-address or device ID. The token is always 32 characters (hex) and check if it has changed. IP-device address in your network.

Conclusion and security measures

Getting Xiaomiโ€™s vacuum cleaner token on an iPhone is a big step for any smart home enthusiast, making a regular gadget a full-fledged part of an automated system, and despite its apparent complexity, modern tools make it accessible even to inexperienced users.

But don't forget security. The token gives you full access to the device. Store it in a safe place, best of all in a password manager. Don't post screenshots of the tokens on social media and chat rooms. Data care will keep your smart home running smoothly and securely for years to come.

Now that you know how to get the key, you have new possibilities: experiment with settings, create scripts, and enjoy cleanliness, controlled by a single touch or a voice command. Xiaomi technology, coupled with the right approach, works wonders.

Can I get a token without a computer, only on the iPhone?
Yes, it is possible. Using cloud token extractors through the Safari browser or installing specialized sniffer applications from the App Store allows you to perform the entire procedure exclusively on a smartphone without involving a PC.
Will the token change if I reinstall the Mi Home app?
No, the token is tied to the device and the account, not the app, but if you untie the device from the account and re-attach it, the token will change and you will have to repeat the procedure.
Is it dangerous to use third-party programs to obtain a token?
Using open source tools (available on GitHub) is considered relatively safe, but there is always a risk, so it is recommended to change the password from your Mi Account after using such services.
Does this method work for all Xiaomi models?
The method works for the vast majority of devices that support the Mi Home ecosystem (Roborock, Dreame, Viomi, Mijia), except for completely new models with an updated encryption protocol that require new methods of hacking.
Do I need the Internet to work the vacuum cleaner after receiving the token?
Local control via Home Assistant does not require Internet, local Wi-Fi network is enough. However, for voice assistants (Alice, Siri) and remote control from another network, the Internet is mandatory.