How to find out the token vacuum cleaner Xiaomi Vacuum Mop Essential: 5 working ways (2026)

Xiaomi Vacuum Mop Essential (model) STYJ02YM) requires access tokens to integrate with third-party smart home systems such as Home Assistant, Node-RED or ioBroker.Without this unique identifier, you won’t be able to control the device through a device. API, Configure automation or use advanced features outside the official Mi Home app.

The problem is that Xiaomi doesn’t provide the token openly β€” it needs to be extracted independently. In this article, we’ll look at 5 proven ways to get the token, including official and alternative methods, as well as solving common errors (for example, Invalid token or Device found not).

1 What is Xiaomi Token and Why is it Needed

Token (or) API-Key is a unique 32-character string that serves as a password for interacting with a device through the Xiaomi cloud. It is tied to a specific account and device, so the token from one vacuum cleaner will not be suitable for another, even if the models are identical.

Without a token, you can't:

  • πŸ”Œ Connect the vacuum cleaner to Home Assistant or other automation systems;
  • πŸ“Š Get the cleaning status data (battery charge, covered area, errors);
  • πŸ€– Manage your device through voice assistants (Alice, Google Assistant);
  • πŸ”„ Set up complex scenarios (e.g., running a house cleaning when you are not home).

Important: the token is valid only as long as the device is tied to your Mi Home account. When you dump the vacuum cleaner or change your account, the token will become invalid.

πŸ’‘

If you plan to use the token in Home Assistant, immediately save it in a safe place (for example, in the password manager).

2. Method 1: Receiving a token through Mi Home (official method)

The most reliable way is to extract the token from the Mi Home app traffic.

  • πŸ“± Smartphone with Mi Home installed (version no lower than 6.0.100);
  • πŸ–₯️ Computer with a traffic interceptor program (Fiddler, Charles, or HTTP Toolkit);
  • πŸ”— Xiaomi Vacuum Mop Essential Vacuum Buses Linked to Account.

Step-by-step:

  1. Install the HTTP Toolkit on your computer (download here) and run the program.
  2. On your smartphone, connect to the same Wi-Fi network as your computer. In your Wi-Fi settings, specify the proxy server (IP of your PC and port 8080).
  3. Open Mi Home, log in and go to the vacuum cleaner management page. In the HTTP Toolkit, start recording traffic.
  4. In the app, update the device status (pull the screen down). In the HTTP Toolkit logs, search for a request to the domain api.io.mi.com with the path /api/user/getdevicelist.
  5. The server's response will be JSON-Find your model vacuum cleaner in it": "roborock.vacuum.m1s" (for Vacuum Mop Essential and copy the value of "token".

Example of server response (token highlighted):

{


"list": [




{




"did": "123456789",




"token": "a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6",




"model": "roborock.vacuum.m1s",




"name": "Xiaomi Vacuum Mop Essential"




}




]




}

Make sure the vacuum cleaner is connected to Wi-Fi|Turn it off. VPN smartphone|Update the Mi Home app to the latest version|Check that the device is not in "Do Not Disturb" mode"-->

3. Method 2: Use of alternative applications

If it seems difficult to intercept traffic, you can use third-party utilities that automate the process.

  • πŸ”§ Mi Token Extractor (Android) – extracts tokens from the Mi Home cache;
  • 🍎 Xiaomi Cloud Tokens Extractor (iOS, jailbreak required);
  • πŸ’» Python-script miio-cli (for advanced users).

Let’s look at the Mi Token Extractor:

  1. Download. APK-GitHub file (check the version’s relevance!).
  2. Install the app on Android (allow installation from unknown sources).
  3. Sign in to Mi Home and open Mi Token Extractor.
  4. Click Get Tokens – the program will show a list of devices with tokens.

⚠️ Warning: Some antiviruses block Mi Token Extractor as "potentially dangerous software." This is a false positive, but download APK Only from the official developer repository.

AnnexPlatformNeeds root/jailbreak?Difficulty
Mi Token ExtractorAndroidNo.⭐⭐
Xiaomi Cloud Tokens ExtractoriOSYeah (jailbreak)⭐⭐⭐
miio-cli (Python)Windows/Linux/MacNo.⭐⭐⭐⭐

Home Assistant|ioBroker|Node-RED|Alice's home assistant|Another.|I don't use it.-->

Method 3: Manual query via API (for technical users)

If you are familiar with Python or Postman, you can get a token through a direct request to the Xiaomi API.

  1. Install the python-miio library: pip install python-miio
  2. Sign in to Xiaomi account via the script: from miio import ChangelogLibre user = "your email@mail.com" password = "your password" libre = ChangelogLibre() libre.login(user, password)
  3. Get a list of devices: devices = libre.get_devices() for device in devices: if device["model"] == "roborock.vacuum.m1s": print(f"Token: {device['token']}")

⚠️ Warning: Keep the password script secure. After receiving the token, remove the login and password from the code to avoid data leakage.

The alternative is to use Postman:

  1. Create. POST-request https://account.xiaomi.com/pass/serviceLoginAuth2;
  2. In the request body, specify:
{


"clientId": "2882303761517432307",




"password": "your password,"




"serviceToken": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",




"user": "your email@mail.com"




}

What to do if the API returns the error "Invalid credentials"
Make sure you use the correct server region (for Russia - ru, for Europe - eu). Try changing the password in your Mi Home account and repeat the request. If your account is linked to a phone number, use it instead of email in the user field. Check if two-factor authentication is enabled - you need to temporarily disable it.

5. Method 4: Removing the token from the Mi Home backup

If you have a backup of Mi Home data (e.g., created via Titanium Backup or iMazing), the token can be extracted from it:

  1. Backup the Mi Home app (root rights required for Android).
  2. Open the backup file in a text editor (e.g. Notepad++).
  3. Find the token line, and there will be a 32-character key next to it.

Example of a backup fragment:

<map>


<string name="did">123456789</string>




<string name="token">a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6</string>




<string name="model">roborock.vacuum.m1s</string>




</map>

⚠️ Note: Backups may contain outdated tokens. Once extracted, check the operability of the key through a test request to the API.

6. Method 5: Requesting a token through Xiaomi support (official channel)

In rare cases, the token can be obtained through Xiaomi’s support service, but this will require:

  • πŸ“„ Check for the purchase of a vacuum cleaner (or warranty card);
  • πŸ†” Serial number of the device (S/N vacuum-hole);
  • πŸ“§ Email linked to Mi Home account.

Instructions:

  1. Write to Xiaomi Support Chat (via Mi Home or support.xiaomi.com).
  2. Specify the reason for the request: β€œWe need a token to integrate with the smart home system.”
  3. Attach a photo of the check and serial number.
  4. Wait for a response (usually 1-3 days).

πŸ”Ή Important: Support doesn't always go hand in hand, especially if the device is unofficially purchased, and 80 percent of the time, you're going to be rejected, citing "security policyΒ».

πŸ’‘

Requesting a token through support is the longest and most unreliable way, and only use it if other methods have failed.

7.Typical errors and their solutions

When working with a token, users often face problems. Let's consider the most common:

Mistake.Reason.Decision
Invalid tokenToken is obsolete or incorrectGet a new token or check the correctness of the input
Device not foundVacuum cleaner not tied to accountRe-connect the device to Mi Home
Permission deniedNot enough rights.Check the server region (should match the account region)
Network errorInternet problemsDisable VPN, check the connection

If the vacuum cleaner does not respond to commands via the API, check:

  1. Make sure the device is on and connected to Wi-Fi.
  2. Check if the firewall blocks outgoing connections.
  3. Update the vacuum cleaner to the latest version.
How to check the performance of the token
Send a test request via Postman or Curl: Curl -X POST "http://IP_WASHINGTON/miIO.info" -d '{"id":1}' -H "Content-Type: application/json" If the answer contains β€œresult”: [”ok”], the token is valid.

8 Security: How to Protect Your Token

The token gives you complete control of your vacuum cleaner, and if it falls into the wrong hands, the attacker can:

  • πŸ•΅οΈ Track your location (by cleaning card);
  • πŸ”Š Turn on the vacuum cleaner at night or in your absence;
  • πŸ“Έ Get data from the camera (if the model supports video surveillance).

Safety regulations:

  • πŸ” Don’t give the token to anyone, even for the testΒ».
  • πŸ”„ Change your password from your Mi Home account regularly.
  • πŸ›‘οΈ Set up two-factor authentication.
  • πŸ—‘οΈ Remove the token from the project code before publishing on GitHub.

If the token is compromised:

  1. Untie the vacuum cleaner from your Mi Home account immediately.
  2. Reset the device to factory settings (button) RESET 5 seconds).
  3. Generate a new token.

πŸ’‘

Never store a token in the public domain (Google Docs, Dropbox) or in public repositories. Use password managers (KeePass, 1Password) to store it.

FAQ: Frequent questions about Xiaomi Vacuum Mop Essential token

❓ Does the token change after the firmware update?
Yes, in some cases, Xiaomi resets the token with major software updates. After the update, check the health of the token and if necessary, get a new one.
❓ Can I use one token for several vacuum cleaners?
No, the token is tied to a specific device (DID) and account, and each vacuum cleaner needs a separate key.
❓ Why the token is 32 characters long, and some instructions contain shorter keys?
Xiaomi used to use 16-24 character tokens, but since 2022 it has switched to a 32-character format. Old tokens may still work, but new devices (including Vacuum Mop Essential) require an extended key.
❓ How do you know? IP-vacuum address?
IP-Address can be found: In the router (section) DHCP Clients or Connected Devices; Through the Mi Home app: Device settings β†’ About the device β†’ Local area network; using network scanning by Fing or nmap.
❓ Does the token work if the vacuum cleaner is disconnected from Wi-Fi?
No. To communicate through the API, the device must be connected to the Internet, and local commands (by IP) only work on the same network as the vacuum cleaner.