How to find out the token of the vacuum cleaner Xiaomi Vacuum Mop P: 5 proven ways (with instructions)

Getting a token for Xiaomi Vacuum Mop P is a necessary step if you want to integrate a robot vacuum cleaner into third-party smart home systems (Home Assistant, Node-RED) or use alternative applications with advanced functionality. The token is a unique 32-character key that serves as a โ€œpasswordโ€ to interact with the device through the Mi Home API. Without it, third-party services will not be able to send commands to the vacuum cleaner.

The problem is that Xiaomi doesnโ€™t officially provide tokens โ€” you have to extract them yourself. In this article, weโ€™ll look at all the current methods, from simple copying from Mi Home (if the token is already displayed) to complex ways using ADB and specialized utilities. Importantly, some methods require root rights or work with the console, so approach the process carefully.

If you're a beginner, we recommend starting with the first two, which don't require technical skills. MITM-proxy and decompilation APK, They are 100% effective but take longer.

1. Method: Removing the token from the Mi Home app (if it is displayed)

The easiest method is to check if the token is displayed directly in the Mi Home, which works if:

  • ๐Ÿ”น You are using the Chinese version of the app (not the global version).
  • ๐Ÿ”น The device was added to the account before the security policy update Xiaomi (2021).
  • ๐Ÿ”น The vacuum cleaner is connected to the account with developer rights (for example, through Xiaomi Open Platform).

Instructions:

  1. Open Mi Home and go to the Xiaomi Vacuum Mop P device profile.
  2. Press three points (โ‹ฎ) top-right โ†’ About the programme.
  3. Scroll down to the Token block (if any). Copy the 32-digit key.

If there is no token, then move on to the following methods. Attention: in the global version of Mi Home, this section is usually hidden.

๐Ÿ“Š What Token Retrieval Method Have You Tried Before?
Through Mi Home.
With ADB
proxy-sniffing
APK decompilation
Nothing.

2. Method: Obtaining a token through Mi Account (official method for developers)

If you are a developer and you have access to the Xiaomi Open Platform, you can request a token legally, which is suitable for API testing, but requires:

  • ๐Ÿ“ Registered developer account at open.home.mi.com.
  • ๐Ÿ” Confirmed mail and telephone number (Chinese number is not required).
  • ๐Ÿ’ป Skills of working with HTTP-request and JSON.

Step-by-step:

  1. Log in to account.xiaomi.com and get it client_id and client_secret In the Mi Account section API.
  2. Create a request for a token: POST https://account.xiaomi.com/oauth2/token Content-Type: application/x-www-form-urlencoded client_id=WASHING_CLIENT_ID client_secret=WASHING_CLIENT_SECRET grant_type=password username=WASHING_EMAIL_Or Phone password=Your password.
  3. The answer will be the field. mi_token โ€” That's your token for you. API.

โš ๏ธ Note: This token gives access to ALL devices in your Mi Home account!

๐Ÿ’ก

If the request returns a 403 Forbidden error, check that your account is linked to the same region as the vacuum cleaner (e.g., cn for China, ru for Russia).

3. Method: Retrieving a token through ADB (for Android)

The method requires root rights on an Android device, but it gives you 100% of the result, and the bottom line is that we get the token from the Mi Home database, where it's stored in encrypted form.

What you need:

  • ๐Ÿ“ฑ Android smartphone with root and Mi Home installed.
  • ๐Ÿ’ป Computer with ADB (download).
  • ๐Ÿ”ง SQLite Browser utility for viewing database.

Instructions:

  1. Connect your smartphone to your PC and execute the command: adb shell su cp /data/data/com.xiaomi.smarthome/databases/mihome.db /sdcard/mihome.db exit exit exit.
  2. Download mihome.db to your computer and open it in SQLite Browser.
  3. Go to the device table and find the line with model = "roborock.vacuum.m1s" (or similar for Vacuum Mop P).
  4. Copy the value from the token field.

โš ๏ธ Note: If the database is not available or empty, Mi Home stores data in the cloud. MITM-proxy (section 5).

USB Debugging enabled (Settings โ†’ Developers)

Installed ADB drivers on PC

The smartphone has root rights.

Mi Home is authorized and vacuum cleaner added to the app-->

4. Method: Use of MiHome-Binary-Protocol utility

This method is suitable for users who do not have root, but have access to Python. We will intercept traffic between Mi Home and Xiaomi servers using a script.

Tools:

  • ๐Ÿ Python 3.8+ and the mitmproxy library.
  • ๐Ÿ“ฑ Android smartphone with mitmproxy certificate installed.
  • ๐Ÿ”— Script com.xiaomi_mihome (Fork with support for new protocols).

Step-by-step:

  1. Install mitmproxy: pip install mitmproxy
  2. Download and launch the script: git clone https://github.com/Maxmudjon/com.xiaomi_mihome.git cd com.xiaomi_mihome python3 mihome_binary_protocol.py
  3. On your smartphone, configure the proxy to your PCโ€™s IP:8080 and install the mitmproxy-ca-cert.cer certificate.
  4. Open Mi Home, update the status of the vacuum cleaner - the console will display a token.

Important: Since 2023, Xiaomi has started encrypting some of the traffic. If the script doesn't work, try using the APK decompilation method (Section 6).

Why is Xiaomi hiding tokens?
Since 2021, Xiaomi has tightened security policies after data breach incidents, with tokens now generated dynamically and linked to a session, and stored in open format only in encrypted databases or the cloud, making integration with third-party systems more difficult but protecting against unauthorized access to users' devices.

5. Method: Intercepting a token through MITM-proxy (advanced)

This method requires networking and SSL/TLS skills.We will intercept traffic between Mi Home and Xiaomi servers to extract the token from the API response.

Required SO:

  • ๐ŸŒ Fiddler or Charles Proxy (for interception of traffic).
  • ๐Ÿ“ฑ Android smartphone with root certificate of proxy.
  • ๐Ÿ” Knowledge of structure HTTP-request.

Instructions:

  1. Set up a proxy on your PC and redirect traffic from your smartphone.
  2. In Fiddler, enable HTTPS (Decrypt HTTPS traffic) decryption.
  3. Open Mi Home and update the status of the vacuum cleaner.
  4. Find a request to api.io.mi.com with the path /app/genToken or /home/device/list.
  5. The answer will be the token field: "..." - this is the key.
MethodDifficultyRoot is required.Works in 2026.
Extract from Mi HomeโญโŒ No.โš ๏ธ Partially.
Mi Account APIโญโญโŒ No.โœ… Yes.
ADB + SQLiteโญโญโญโœ… Yes.โœ… Yes.
MiHome-Binary-ProtocolโญโญโญโญโŒ No.โš ๏ธ Depends on the version.
MITM-proxyโญโญโญโญโญโŒ No.โœ… Yes.

6. Method: Decompilation of APK Mi Home (for experienced)

If none of these methods work, you can reverse engineer the Mi Home application, which requires Java/Smali knowledge and JADX or Apktool.

Instructions:

  1. Download APK Mi Home (for example, with APKPure).
  2. Decompile it with JADX: jadx-gui mihome.apk
  3. Find the class responsible for authorization (usually in the com.xiaomi.smarthome package).
  4. Look for methods with getToken, fetchDeviceToken, or similar names.
  5. Analyze the logic of token generation and reproduce it in your code.

โš ๏ธ Note: Decompilation may violate Xiaomiโ€™s license agreement. Use this method only for personal use!

๐Ÿ’ก

The most reliable methods in 2026 โ€” ADB (if there is root, and MITM-Proxy, official proxies. API It is only for developers with a confirmed account.

Frequent mistakes and their solutions

When extracting a token, users face typical problems:

  • ๐Ÿ”ด Mistake. 401 Unauthorized when requesting API โ†’ Check it out. client_secret and account region.
  • ๐Ÿ”ด There is no device table in mihome.db โ†’ Update your Mi Home or use it MITM-proxy.
  • ๐Ÿ”ด The token consists of one zero (0000...) โ†’ It's a stub. Try another method.
  • ๐Ÿ”ด Proxy doesn't intercept traffic โ†’ Make sure that the proxy certificate is installed on the smartphone.

If you receive a token but it doesnโ€™t work in Home Assistant, check:

  • ๐Ÿ“Œ Model Compatibility (Vacuum Mop P should support miio protocol).
  • ๐Ÿ“Œ Server region (Chinese devices require an account with cn region).
  • ๐Ÿ“Œ Relevance of the token (some keys are valid for a limited time).
โ“ Can I get a token without root and proxy?
Yes, but only if: ๐Ÿ”น You have a Chinese version of Mi Home and the token is displayed in your device profile. ๐Ÿ”น You are a developer with access to Xiaomi Open Platform, and all other applications require at least one of the most advanced methods.
โ“ Why the token stopped working after the Mi Home update?
Xiaomi periodically updates security protocols. If the token stopped working: Check if the vacuum cleaner settings have reset (sometimes reconnecting to Wi-Fi helps). Get a new token with one of the methods described. Update integration in Home Assistant (for example, use the component). xiaomi_miio latest).
โ“ Can I use one token for several vacuum cleaners?
No. The token is tied to a specific device (its DID is a unique identifier), and if you have multiple Xiaomi Vacuum Mop Ps, each needs a different key.
โ“ Is it safe to share the token with third parties?
It's not safe at all. The token gives you complete control of the device: ๐Ÿ”ด The attacker can control the vacuum cleaner (turn on / off, change the settings). ๐Ÿ”ด In some cases, access other devices in your Mi Home account. ๐Ÿ”ด Xiaomi can block an account for suspicious activity. If you need help with setting up, only provide the token to trusted services (for example, official Home Assistant integrations).
โ“ How to check if the token works?
Send the test request to API Example in Python: import requests DID = "YOUR_DEVICE_ID" # Find it at Mi Home or through ADB TOKEN = "YOUR_TOKEN" IP = "192.168.x.x" # Local. IP url-vacuum = f"http://{IP}/miio/info" headers = {"X-Xiaomi-Propertys": '["miIO.info"]'} response = requests.get(url, headers=headers, cookies={"userId": DID, "serviceToken": TOKEN}) print(response.json()) If the answer contains data about the device (model, firmware) โ€“ the token acts.