Getting a token for Xiaomi Vacuum Mop P is a necessary step if you want to integrate a robot vacuum cleaner into third-party smart home systems (Home Assistant, Node-RED) or use alternative applications with advanced functionality. The token is a unique 32-character key that serves as a โpasswordโ to interact with the device through the Mi Home API. Without it, third-party services will not be able to send commands to the vacuum cleaner.
The problem is that Xiaomi doesnโt officially provide tokens โ you have to extract them yourself. In this article, weโll look at all the current methods, from simple copying from Mi Home (if the token is already displayed) to complex ways using ADB and specialized utilities. Importantly, some methods require root rights or work with the console, so approach the process carefully.
If you're a beginner, we recommend starting with the first two, which don't require technical skills. MITM-proxy and decompilation APK, They are 100% effective but take longer.
1. Method: Removing the token from the Mi Home app (if it is displayed)
The easiest method is to check if the token is displayed directly in the Mi Home, which works if:
- ๐น You are using the Chinese version of the app (not the global version).
- ๐น The device was added to the account before the security policy update Xiaomi (2021).
- ๐น The vacuum cleaner is connected to the account with developer rights (for example, through Xiaomi Open Platform).
Instructions:
- Open Mi Home and go to the Xiaomi Vacuum Mop P device profile.
- Press three points (โฎ) top-right โ About the programme.
- Scroll down to the Token block (if any). Copy the 32-digit key.
If there is no token, then move on to the following methods. Attention: in the global version of Mi Home, this section is usually hidden.
2. Method: Obtaining a token through Mi Account (official method for developers)
If you are a developer and you have access to the Xiaomi Open Platform, you can request a token legally, which is suitable for API testing, but requires:
- ๐ Registered developer account at open.home.mi.com.
- ๐ Confirmed mail and telephone number (Chinese number is not required).
- ๐ป Skills of working with HTTP-request and JSON.
Step-by-step:
- Log in to account.xiaomi.com and get it client_id and client_secret In the Mi Account section API.
- Create a request for a token: POST https://account.xiaomi.com/oauth2/token Content-Type: application/x-www-form-urlencoded client_id=WASHING_CLIENT_ID client_secret=WASHING_CLIENT_SECRET grant_type=password username=WASHING_EMAIL_Or Phone password=Your password.
- The answer will be the field. mi_token โ That's your token for you. API.
โ ๏ธ Note: This token gives access to ALL devices in your Mi Home account!
๐ก
If the request returns a 403 Forbidden error, check that your account is linked to the same region as the vacuum cleaner (e.g., cn for China, ru for Russia).
3. Method: Retrieving a token through ADB (for Android)
The method requires root rights on an Android device, but it gives you 100% of the result, and the bottom line is that we get the token from the Mi Home database, where it's stored in encrypted form.
What you need:
- ๐ฑ Android smartphone with root and Mi Home installed.
- ๐ป Computer with ADB (download).
- ๐ง SQLite Browser utility for viewing database.
Instructions:
- Connect your smartphone to your PC and execute the command: adb shell su cp /data/data/com.xiaomi.smarthome/databases/mihome.db /sdcard/mihome.db exit exit exit.
- Download mihome.db to your computer and open it in SQLite Browser.
- Go to the device table and find the line with model = "roborock.vacuum.m1s" (or similar for Vacuum Mop P).
- Copy the value from the token field.
โ ๏ธ Note: If the database is not available or empty, Mi Home stores data in the cloud. MITM-proxy (section 5).
USB Debugging enabled (Settings โ Developers)
Installed ADB drivers on PC
The smartphone has root rights.
Mi Home is authorized and vacuum cleaner added to the app-->
4. Method: Use of MiHome-Binary-Protocol utility
This method is suitable for users who do not have root, but have access to Python. We will intercept traffic between Mi Home and Xiaomi servers using a script.
Tools:
- ๐ Python 3.8+ and the mitmproxy library.
- ๐ฑ Android smartphone with mitmproxy certificate installed.
- ๐ Script com.xiaomi_mihome (Fork with support for new protocols).
Step-by-step:
- Install mitmproxy: pip install mitmproxy
- Download and launch the script: git clone https://github.com/Maxmudjon/com.xiaomi_mihome.git cd com.xiaomi_mihome python3 mihome_binary_protocol.py
- On your smartphone, configure the proxy to your PCโs IP:8080 and install the mitmproxy-ca-cert.cer certificate.
- Open Mi Home, update the status of the vacuum cleaner - the console will display a token.
Important: Since 2023, Xiaomi has started encrypting some of the traffic. If the script doesn't work, try using the APK decompilation method (Section 6).
Why is Xiaomi hiding tokens?
5. Method: Intercepting a token through MITM-proxy (advanced)
This method requires networking and SSL/TLS skills.We will intercept traffic between Mi Home and Xiaomi servers to extract the token from the API response.
Required SO:
- ๐ Fiddler or Charles Proxy (for interception of traffic).
- ๐ฑ Android smartphone with root certificate of proxy.
- ๐ Knowledge of structure HTTP-request.
Instructions:
- Set up a proxy on your PC and redirect traffic from your smartphone.
- In Fiddler, enable HTTPS (Decrypt HTTPS traffic) decryption.
- Open Mi Home and update the status of the vacuum cleaner.
- Find a request to api.io.mi.com with the path /app/genToken or /home/device/list.
- The answer will be the token field: "..." - this is the key.
| Method | Difficulty | Root is required. | Works in 2026. |
|---|---|---|---|
| Extract from Mi Home | โญ | โ No. | โ ๏ธ Partially. |
| Mi Account API | โญโญ | โ No. | โ Yes. |
| ADB + SQLite | โญโญโญ | โ Yes. | โ Yes. |
| MiHome-Binary-Protocol | โญโญโญโญ | โ No. | โ ๏ธ Depends on the version. |
| MITM-proxy | โญโญโญโญโญ | โ No. | โ Yes. |
6. Method: Decompilation of APK Mi Home (for experienced)
If none of these methods work, you can reverse engineer the Mi Home application, which requires Java/Smali knowledge and JADX or Apktool.
Instructions:
- Download APK Mi Home (for example, with APKPure).
- Decompile it with JADX: jadx-gui mihome.apk
- Find the class responsible for authorization (usually in the com.xiaomi.smarthome package).
- Look for methods with getToken, fetchDeviceToken, or similar names.
- Analyze the logic of token generation and reproduce it in your code.
โ ๏ธ Note: Decompilation may violate Xiaomiโs license agreement. Use this method only for personal use!
๐ก
The most reliable methods in 2026 โ ADB (if there is root, and MITM-Proxy, official proxies. API It is only for developers with a confirmed account.
Frequent mistakes and their solutions
When extracting a token, users face typical problems:
- ๐ด Mistake. 401 Unauthorized when requesting API โ Check it out. client_secret and account region.
- ๐ด There is no device table in mihome.db โ Update your Mi Home or use it MITM-proxy.
- ๐ด The token consists of one zero (0000...) โ It's a stub. Try another method.
- ๐ด Proxy doesn't intercept traffic โ Make sure that the proxy certificate is installed on the smartphone.
If you receive a token but it doesnโt work in Home Assistant, check:
- ๐ Model Compatibility (Vacuum Mop P should support miio protocol).
- ๐ Server region (Chinese devices require an account with cn region).
- ๐ Relevance of the token (some keys are valid for a limited time).