Why Xiaomi vacuum cleaner token is so important and where it is used
The Xiaomi device token is a unique 32-digit key that allows you to control a robot vacuum cleaner through third-party applications, scripts or smart home systems. Without it, you can not integrate a vacuum cleaner into Home Assistant, ioBroker or use alternative firmware like Valetudo. Many users face the need to extract the token after buying a used device or when switching from the Chinese Mi Home server to the European one.
In 2023-2026, Xiaomi tightened its security policy: tokens no longer appear in plain form in the application, and old methods of obtaining (via batch sniffer or Mi Home logs) ceased to work. Now, to extract a token, you need to either use official tools with restrictions or resort to workarounds. In this article, we will discuss all the current methods, including those that work with the latest versions of Roborock, Mi Robot Vacuum and Dreame firmware.
We warn you right away: some methods require technical skills (working with the ADB, Python HTTP-If you are a beginner, start with the simplest one: through the Mi Home app (Section 2). For experienced users, we have prepared advanced instructions using miio-cli and manual network traffic parsing.
Method 1: Receiving a token through the Mi Home app (official method)
This is the easiest way, but it only works for devices tied to your Xiaomi account. If the vacuum cleaner was bought used or tied to another region (like a Chinese server), this method will not work - you will need a reset or alternative solutions.
Instructions:
- π± Open the Mi Home app and go to the section with your vacuum cleaner.
- π§ Click on three dots in the upper right corner β Settings of the device.
- π Scroll down to General Settings β Device information.
- π You can see the Token bar (older versions of the app) or the Export token button. If you don't have one, read on.
β οΈ Note: Since 2023, Xiaomi has hidden tokens in the app for most regions.If you donβt see this item, try changing your account region to China (mainland) or use the methods in the following sections.
If the token is displayed, copy it and save it in a secure location (such as a password manager) that gives you full access to the device, so donβt give it to third parties.
Method 2: Extracting a token through HTTP-server (for technically savvy)
This method works by intercepting network traffic between the Mi Home app and Xiaomi servers, requiring a computer and basic terminal knowledge, but is universal for all models of vacuum cleaners (including the Roborock S7, Mi Vacuum Mop 2 Pro, etc.).
Algorithm of action:
- Install Python 3.x on your computer and mitmproxy library (via pip install mitmproxy).
- Launch mitmproxy and set it up to intercept HTTPS-Traffic (instruction below).
- On your phone, connect to the same Wi-Fi network as your computer and install the mitmproxy certificate (download http://mitm.it).
- Launch the Mi Home app, log in to your account and wait for the vacuum cleaner to connect to the network.
- In the mitmproxy logs, find a request for the domain api.io.mi.com - it will contain a string with a token.
Detailed command to run mitmproxy:
mitmproxy --mode transparent --showhost --ssl-insecureOnce launched, open http://mitm.it in your browser and install the certificate on your phone. Then, in Mi Home, update the status of the device and the token will appear in the log format:
"token": "5f4dcc3b5aa765d61d8327deb882cf99"β οΈ Note: This method may not work on the latest Mi Home versions (6.0)+) If the token is not displayed, try rolling back to app version 5.9 or using the method with miio-cli (section 4).
Install Python 3.x|Install mitmproxy (pip install mitmproxy)|Connect your phone and computer to the same network|Install a mitmproxy certificate on your phone|Start mitmproxy in transparent mode-->
Method 3: Use of the miio-cli utility (for Linux/macOS/Windows)
Miio-cli is Xiaomiβs official tool for managing devices using the MiIO protocol, which not only allows you to get a token, but also sends commands to the vacuum cleaner directly, and is suitable for users familiar with the command line.
Steps to obtain a token:
- Install Node.js (version 14+) and execute the command: npm install -g miio-cli
- Connect the vacuum cleaner to the same network as the computer.
- Start scanning devices: miio discover In the answer find IP-address of vacuum cleaner and its deviceID.
- Get the token command: miio --ip [IP_vacuumer] --token [symbol] --discover-token For example: miio --ip 192.168.1.100 --token 123 --discover-token
If the command is successful, you will receive a response in the following format:
Token: 5f4dcc3b5aa765d61d8327deb882cf99 via miIO protocolThis method works for most models, including the Roborock S5/S6/S7, Mi Robot Vacuum 1S and Dreame Bot Z10 Pro. However, some firmware (such as Chinese) may require additional authentication through a Xiaomi account.
What if the Miio-Cli can't find the device?
Method 4: Manual token extraction from Mi Home (Android) files
On Android devices, Xiaomi device tokens are stored encrypted in the Mi Home app folder. To extract them, you will need root access or use the adb utility (without root rights, you can only get a part of the data).
Instructions for users with root:
- Install a file manager with root support (such as Root Explorer).
- Go on the path: /data/data/com.xiaomi.smarthome/databases
- Copy the mihome.db file to your computer.
- Open it with SQLite Browser and query: SELECT token FROM devices WHERE model LIKE '%vacuum%' OR model LIKE '%roborock%';
For users without root:
- π± Connect your phone to your computer and turn on Debugging. USB.
- π₯οΈ Follow the command: adb backup -f mihome.ab com.xiaomi.smarthome
- π Use the Android Backup Extractor (Abe) utility to extract mihome.db from the archive.
β οΈ Note: Latest versions of Mi Home (6.0)+) If you see a 32-digit key in the database, rather than a set of incomprehensible characters, use the decryption manual.
π‘
If you don't have root rights, but you have a backup of Mi Home (made via Titanum Backup or analogues), try extracting mihome.db from it. Often the tokens are stored there in the open.
Method 5: Alternative methods (for rare cases)
If none of the above methods worked, try these options:
| Method | When to apply | Difficulty | Notes |
|---|---|---|---|
| Mi Account Token Extractor | There is access to the account Xiaomi, which is tied to the vacuum cleaner | Medium | Requires authorization by cookies from the browser |
| Resetting the vacuum cleaner to factory settings | The device is tied to someone else's account | Just | After resetting the vacuum cleaner must be reconfigured |
| Appeal for Xiaomi support | The vacuum cleaner is officially purchased, there is a check | Long time. | Proof of purchase may be required |
| Buying a token on forums | Extreme case (not recommended) | Dangerous. | High risk of fraud |
To reset the Xiaomi/Roborock vacuum cleaner to the factory settings, press the power button for 10-15 seconds until you hear the beep. After that, the device can be linked to your account and receive the token in the standard way.
Important: If the vacuum cleaner was bought hand-held and tied to someone elseβs Xiaomi account, a reset doesnβt always help β some models (such as the Roborock S7 with Chinese firmware) require confirmation of the original owner.
Frequent Mistakes and How to Avoid Them
When trying to get a token, users often face typical problems, including the most common ones and ways to solve them:
- π« Miio-cli: Check that the vacuum cleaner and the computer are on the same network. VPN and the firewall. IP-vacuum address.
- π The token changes after the vacuum cleaner is restarted: This is normal for some models (like Dreame).Use a permanent token that can be obtained through Mi Home API.
- π The Mi Home app asks for confirmation SMS When logging in: If your account is linked to a Chinese number, use +86 in front of the number or create a new account with a Russian / European number.
- π΅ Mitmproxy does not intercept traffic: Make sure the phone has a mitmproxy certificate installed and encryption disabled in Mi Home (in the app settings).
If you are using Home Assistant or ioBroker, make sure the configuration file indicates the correct deviceID (it can be found in Mi Home in device information or via miio discover).
vacuum:
- platform: xiaomi_miio
host: 192.168.1.100
token: 5f4dcc3b5aa765d61d8327deb882cf991. Correctness IP-Addresses (it may change when the router restarts).
2. no locks in the router (some models block local traffic miIO).
3. vacuum cleaner firmware version (Chinese firmware may require additional authentication).-->