How to find out the token vacuum cleaner Xiaomi Vacuum Mop: 4 proven ways

Why is Xiaomi’s vacuum cleaner token so important?

The Xiaomi Vacuum Mop device token is a unique 32-digit key that allows you to control the robot through third-party applications (like Home Assistant, Yandex Alice or Node-RED). Without it, you can’t integrate the vacuum cleaner into a smart ecosystem, automate cleaning on schedule or use voice control. The manufacturer doesn’t advertise this option, but it can be extracted legally – and we’ll show you how to do it safely.

It's important to understand that the token is not a password from your Mi Home account, it's a technical ID that's tied to a particular device, and you don't have to change it or update it, you just need to get it once, but if you drop the vacuum cleaner to the factory settings or re-attach it to another account, the token changes and you have to repeat the procedure.

Method 1: Retrieval of the token through the Mi Home App (official method)

The most reliable and easy way is to use the Mi Home mobile app (Chinese or global version).The algorithm works for all Xiaomi Vacuum Mop models, including the S5/S6/S7, Mop 2 Pro and Mop P. You will need a smartphone on Android (on iOS, the method does not work due to Apple’s restrictions).

Steps to obtain a token:

  • πŸ“± Install Mi Home App (version no lower than 6.0).
  • πŸ” Log in to your Xiaomi account and make sure the vacuum cleaner is connected to the app.
  • πŸ”§ Go to Profile. β†’ Settings β†’ General settings β†’ About the programme.
  • πŸ‘† Click 5-7 times on the field with the app version until the Developer mode enabled message appears.
  • πŸ”‘ Return to the main menu, select your vacuum cleaner and open your device settings. β†’ There's a new Token.

Sign in to Xiaomi account in Mi Home App

Connect the vacuum cleaner to the application

Enable the developer mode (taps according to version)

Find the Token section in the device settings-->

⚠️ Note: If the Token item does not appear after the developer mode is activated, upgrade the app to the latest version or try alternative methods (see below). Also make sure that your account is not tied to the China region - in which case the token may be hidden due to local restrictions.

Method 2: Using Packet Capture (for advanced users)

This technique requires network traffic skills, but is suitable for all Xiaomi devices, including vacuum cleaners.The essence is to intercept packets that the Mi Home app sends to the company's servers. These packages contain a device token.

Instructions:

  1. Install a traffic analysis app on your smartphone, such as Packet Capture or HTTP Toolkit.
  2. Start capturing traffic and open the Mi Home App.
  3. Go to the vacuum cleaner settings and perform any action (for example, start cleaning).
  4. Stop the capture and search the logs for requests to the domain api.io.mi.com or cn.api.io.mi.com.
  5. The query body will have the line "token": "your token here" - copy it.
How to filter traffic to speed up search?
Use the filter for the keyword "token" or domain "mi.com." Packet Capture allows you to set an exception for all addresses except mi.com to reduce the amount of data.

Important: Do not pass the intercepted data to third parties. The token gives full control of the device, and its leakage can lead to unauthorized access to your vacuum cleaner.

Method 3: Through the developer console in the browser (web version of Mi Home)

If you don’t have access to an Android smartphone, the token can be extracted through the web version of Mi Home in the browser, which only works for accounts tied to regions in Europe, Russia or the United States.

Step-by-step:

  1. Open home.mi.com in Google Chrome or Mozilla Firefox.
  2. Log in and find your vacuum cleaner in the list of devices.
  3. Press F12 (or Ctrl+Shift+I) to open Developer Tools.
  4. Go to the Network tab and update the page.
  5. Find the XHR type and /home/device/list.
  6. The server's response will be an array of devices. Find an object with a "model": "roborock.vacuum..." and it will have a "token" field.

Mi Home App (Developer Mode)

Packet Capture (traffic analysis)

Browser Console (web version of Mi Home)

Another way.-->

MethodDifficultySkills requiredSuitable for iOS
Mi Home App (Developer Mode)⭐Basic❌ No.
Packet Capture⭐⭐⭐Advanced (network analysis)βœ… Yeah, with jailbreak)
Browser console⭐⭐Knowledge of DevToolsβœ… Yes.
Python script (miio)⭐⭐⭐⭐Programmingβœ… Yes.

Method 4: Automated Python script (for technical users)

If you're familiar with Python, you can use the official python-miio library to extract a token, a method that's universal and works even for devices hidden in the application.

Install the library and execute the script:

pip install python-miio


mirobo discover --handshake 0

The script will display a list of devices in your network from their IP-If the vacuum cleaner is not found, check it:

  • πŸ”Œ Are the smartphone and vacuum cleaner connected to the same Wi-Fi network.
  • πŸ”’ Is the firewall disabled or VPN device-wise.
  • πŸ“‘ Is the vacuum cleaner in standby mode (not in the cleaning process).

mirobo --ip 192.168.x.x info

The address can be found in the router (section) DHCP-clientele).-->

Frequent mistakes and their solutions

When you extract a token, you're faced with typical problems, and here are the most common ways to fix them:

⚠️ Warning: If after receiving the token, the vacuum cleaner stopped responding to commands from the Mi Home App, restart it (hold the power button for 10 seconds.

  • 🚫 The token does not appear in the Mi Home App: Update the app to the latest version. Check the account region (for China, the token may be hidden). Reattach the vacuum cleaner to the account (Device settings) β†’ Untie).
  • πŸ”„ The token changed after the firmware update: This is normal behavior β€” repeat the procedure for receiving. Save the new token in a safe place (for example, in a password manager).
  • 🌐 Packet Capture does not intercept traffic: Make sure VPN Check the proxy settings in the capture app. Try another analyzer (e.g. Fiddler).

πŸ’‘

If none of these methods worked, check to see if your ISP is blocking traffic to Xiaomi servers (especially for corporate networks).

Security: How to protect your token?

The Xiaomi Vacuum Mop token is like a key to an apartment, and if it falls into the wrong hands, an attacker can:

  • 🏠 Remotely start or stop cleaning.
  • πŸ“ Get maps of your home (if the vacuum cleaner supports mapping).
  • πŸ”Š Include voice alerts or beeps.

To avoid the risks:

  • πŸ” Never publish a token in open sources (forums, GitHub, chat rooms).
  • πŸ“± Keep it in a secure place (e.g. KeePass or a secure place). 1Password).
  • πŸ”„ Check the list of connected devices in the Mi Home App (Profile) β†’ Security).
  • πŸšͺ If you suspect a leak, dump the vacuum cleaner to the factory settings (the token will zero).
❓ Can I get a token without root rights on Android?
Yes, all of the methods described (except Packet Capture on some firmware) work without root.
❓ Why a token has 32 characters, and some instructions mention 16?
Xiaomi used to use 16-digit tokens before, but since 2019 has switched to a 32-digit format to improve security.If you see the old format, upgrade the vacuum cleaner firmware.
❓ Does the token work for all Xiaomi Vacuum Mop models?
Yes, but Roborock series devices (such as the S7 MaxV) may require additional authorization through a Roborock account, rather than a Mi Home.
❓ Can I use one token for several vacuum cleaners?
No, the token is unique to each device, so if you have two vacuum cleaners, you need to have a separate key for each.
❓ What to do if the token stopped working after changing Wi-Fi?
The token is not dependent on the Wi-Fi network, but if the vacuum cleaner has been reconnected to a new router, check if its settings have reset. In rare cases, re-attachment to the account helps.