Why is Xiaomiβs vacuum cleaner token so important?
The Xiaomi Vacuum Mop device token is a unique 32-digit key that allows you to control the robot through third-party applications (like Home Assistant, Yandex Alice or Node-RED). Without it, you canβt integrate the vacuum cleaner into a smart ecosystem, automate cleaning on schedule or use voice control. The manufacturer doesnβt advertise this option, but it can be extracted legally β and weβll show you how to do it safely.
It's important to understand that the token is not a password from your Mi Home account, it's a technical ID that's tied to a particular device, and you don't have to change it or update it, you just need to get it once, but if you drop the vacuum cleaner to the factory settings or re-attach it to another account, the token changes and you have to repeat the procedure.
Method 1: Retrieval of the token through the Mi Home App (official method)
The most reliable and easy way is to use the Mi Home mobile app (Chinese or global version).The algorithm works for all Xiaomi Vacuum Mop models, including the S5/S6/S7, Mop 2 Pro and Mop P. You will need a smartphone on Android (on iOS, the method does not work due to Appleβs restrictions).
Steps to obtain a token:
- π± Install Mi Home App (version no lower than 6.0).
- π Log in to your Xiaomi account and make sure the vacuum cleaner is connected to the app.
- π§ Go to Profile. β Settings β General settings β About the programme.
- π Click 5-7 times on the field with the app version until the Developer mode enabled message appears.
- π Return to the main menu, select your vacuum cleaner and open your device settings. β There's a new Token.
Sign in to Xiaomi account in Mi Home App
Connect the vacuum cleaner to the application
Enable the developer mode (taps according to version)
Find the Token section in the device settings-->
β οΈ Note: If the Token item does not appear after the developer mode is activated, upgrade the app to the latest version or try alternative methods (see below). Also make sure that your account is not tied to the China region - in which case the token may be hidden due to local restrictions.
Method 2: Using Packet Capture (for advanced users)
This technique requires network traffic skills, but is suitable for all Xiaomi devices, including vacuum cleaners.The essence is to intercept packets that the Mi Home app sends to the company's servers. These packages contain a device token.
Instructions:
- Install a traffic analysis app on your smartphone, such as Packet Capture or HTTP Toolkit.
- Start capturing traffic and open the Mi Home App.
- Go to the vacuum cleaner settings and perform any action (for example, start cleaning).
- Stop the capture and search the logs for requests to the domain api.io.mi.com or cn.api.io.mi.com.
- The query body will have the line "token": "your token here" - copy it.
How to filter traffic to speed up search?
Important: Do not pass the intercepted data to third parties. The token gives full control of the device, and its leakage can lead to unauthorized access to your vacuum cleaner.
Method 3: Through the developer console in the browser (web version of Mi Home)
If you donβt have access to an Android smartphone, the token can be extracted through the web version of Mi Home in the browser, which only works for accounts tied to regions in Europe, Russia or the United States.
Step-by-step:
- Open home.mi.com in Google Chrome or Mozilla Firefox.
- Log in and find your vacuum cleaner in the list of devices.
- Press F12 (or Ctrl+Shift+I) to open Developer Tools.
- Go to the Network tab and update the page.
- Find the XHR type and /home/device/list.
- The server's response will be an array of devices. Find an object with a "model": "roborock.vacuum..." and it will have a "token" field.
Mi Home App (Developer Mode)
Packet Capture (traffic analysis)
Browser Console (web version of Mi Home)
Another way.-->
| Method | Difficulty | Skills required | Suitable for iOS |
|---|---|---|---|
| Mi Home App (Developer Mode) | β | Basic | β No. |
| Packet Capture | βββ | Advanced (network analysis) | β Yeah, with jailbreak) |
| Browser console | ββ | Knowledge of DevTools | β Yes. |
| Python script (miio) | ββββ | Programming | β Yes. |
Method 4: Automated Python script (for technical users)
If you're familiar with Python, you can use the official python-miio library to extract a token, a method that's universal and works even for devices hidden in the application.
Install the library and execute the script:
pip install python-miio
mirobo discover --handshake 0The script will display a list of devices in your network from their IP-If the vacuum cleaner is not found, check it:
- π Are the smartphone and vacuum cleaner connected to the same Wi-Fi network.
- π Is the firewall disabled or VPN device-wise.
- π‘ Is the vacuum cleaner in standby mode (not in the cleaning process).
mirobo --ip 192.168.x.x info
The address can be found in the router (section) DHCP-clientele).-->
Frequent mistakes and their solutions
When you extract a token, you're faced with typical problems, and here are the most common ways to fix them:
β οΈ Warning: If after receiving the token, the vacuum cleaner stopped responding to commands from the Mi Home App, restart it (hold the power button for 10 seconds.
- π« The token does not appear in the Mi Home App: Update the app to the latest version. Check the account region (for China, the token may be hidden). Reattach the vacuum cleaner to the account (Device settings) β Untie).
- π The token changed after the firmware update: This is normal behavior β repeat the procedure for receiving. Save the new token in a safe place (for example, in a password manager).
- π Packet Capture does not intercept traffic: Make sure VPN Check the proxy settings in the capture app. Try another analyzer (e.g. Fiddler).
π‘
If none of these methods worked, check to see if your ISP is blocking traffic to Xiaomi servers (especially for corporate networks).
Security: How to protect your token?
The Xiaomi Vacuum Mop token is like a key to an apartment, and if it falls into the wrong hands, an attacker can:
- π Remotely start or stop cleaning.
- π Get maps of your home (if the vacuum cleaner supports mapping).
- π Include voice alerts or beeps.
To avoid the risks:
- π Never publish a token in open sources (forums, GitHub, chat rooms).
- π± Keep it in a secure place (e.g. KeePass or a secure place). 1Password).
- π Check the list of connected devices in the Mi Home App (Profile) β Security).
- πͺ If you suspect a leak, dump the vacuum cleaner to the factory settings (the token will zero).