How to get a token robot vacuum cleaner Xiaomi Mi Robot Vacuum: 5 working ways

Xiaomi Mi Robot Vacuum has become an integral part of smart homes, but working with them through third-party applications (such as Home Assistant, ioBroker or Mi Home Local) requires a unique device token. This 32-digit key serves as a password to interact with the vacuum cleaner over the local network, bypassing the Xiaomi cloud. Without it, you will not be able to integrate the device in automation, control voice through Alice or Google Assistant without an official application, and use alternative firmware.

The problem is that Xiaomi doesnโ€™t provide the token openly โ€” it needs to be extracted independently. Since 2020, the company has tightened its protection: old methods with reading network traffic have stopped working, and new ones require an account with a link to the Mainland China region or using workarounds. In this guide, we will analyze all the current ways to obtain a token for Mi Robot Vacuum models (including the S5, S6, S7, Mop 2 Pro series, etc.), including bypassing the restrictions of 2026. You will not need root rights or a solder iron โ€“ only a smartphone, a computer and 10-30 minutes of time.

1 What is Xiaomi Token and Why is it Needed

A token (or device token) is a unique 32-character alphanumeric key that is generated by Xiaomi servers when you first connect a device to your Mi Account.

  • ๐Ÿ” Authentication: Confirms that the vacuum cleaner management request comes from a trusted source (your account or local network).
  • ๐ŸŒ Local management: allows you to send commands directly over the MiIO protocol (port 54321), without depending on the cloud servers Xiaomi.

Without a token, you are limited to the official Mi Home app, which:

  • โณ Requires a permanent internet connection to work;
  • ๐Ÿ“ต Does not support automation through third-party systems (e.g. Home Assistant);
  • ๐Ÿ”„ May โ€œloseโ€ the device after resetting or updating the firmware.

With a token, you get:

  • โšก Instant response (commands are performed for the 0.1-0.3 second-on 1-3 seconds through the cloud).
  • ๐Ÿค– Ability to create complex scenarios (e.g., โ€œscheduled cleaningโ€); + humidificationยป).
  • ๐Ÿ›ก๏ธ Work without the Internet (important for cottages or offices with unstable connection).

โš ๏ธ Attention: The token is tied to a specific device and account, and if you drop the vacuum cleaner to the factory settings or re-attach it to another account, the token changes).

2. Method 1: Receiving a token through Mi Home (official method)

This is the easiest way, but it only works for accounts in Mainland China, if your account is linked to Russia, Europe or the United States, go to Method 2.

Steps for accounts with the region of China:

  1. Open the Mi Home app and go to your vacuum cleaner page.
  2. Press three points (โ‹ฎ) top-right โ†’ Settings of the device.
  3. Scroll down and select General Settings โ†’ Device Information.
  4. Find the Mi Home Token (or Device Token) string and copy the 32-digit key.

If there is no token item:

  • ๐Ÿ“ฑ Update the Mi Home to the latest version (at 2026 6.6.100 or later).
  • ๐ŸŒ Make sure your account region is Mainland China (checked in your account profile).
  • ๐Ÿ”„ Reconnect the vacuum cleaner to your account (remove and add again).

โš ๏ธ Note: Changing your account region to Mainland China may result in loss of access to other Xiaomi devices associated with this account (such as smartphones or light bulbs.

๐Ÿ“Š What region does your Mi Home account have?
Mainland China (China)
Russia
Europe
USA
Other

Method 2: Extracting a token through Network Traffic (MITM)

This method works for any region, but requires a computer and basic terminal skills, and the essence is to intercept the token when exchanging data between the vacuum cleaner and Xiaomi servers.

What you need:

  • ๐Ÿ’ป Computer with Windows, macOS or Linux.
  • ๐Ÿ“ฑ Smartphone with Mi Home installed and connected vacuum cleaner.
  • ๐Ÿ› ๏ธ mitmproxy or Fiddler (to intercept traffic).
  • ๐Ÿ”ง Packet Capture (for Android) or rProxy (for iOS).

Step-by-step:

  1. Set up a proxy: Install mitmproxy on your computer: pip install mitmproxy Launch a proxy: mitmproxy --mode transparent --showhost On your smartphone, connect to the same Wi-Fi network as your computer and set up a proxy manually (computer IP, port 8080).

Traffic interception:

  • Open Mi Home and update the status of the vacuum cleaner (for example, click โ€œStart Cleaningโ€).
  • In the mitmproxy terminal, search for a request to the domain api.io.mi.com or miot-spec.org.
  • In the server response, look for the line โ€œtokenโ€: โ€œ...โ€ โ€“ this is your token.

Example of a server response with a token:

{




"result": {




"token": "a1b2c3d4e5f6...32_symbol",




"localIP": "192.168.1.100",




"mac": "78:11:DC:XX:XX:XX"




},




"code": 0




}

Install mitmproxy|Set up a proxy on your smartphone|Launch Mi Home and update status|Find a request to api.io.mi.com|Copy token from the answer-->

โš ๏ธ Note: Xiaomi has been encrypting some of the traffic since 2022. If there is no open token in the responses, try using Packet Capture on Android with decoding enabled SSL (On iOS, this method may not work due to Apple's limitations.

Method 3: Use of MiHome-Binary-Protocol

For users who donโ€™t want to mess around with traffic interception, thereโ€™s a ready-made solution, a mihome-binary-protocol script that automates token extraction. It works by emulating queries to Xiaomi servers.

Requirements:

  • ๐Ÿ–ฅ๏ธ Computer with Python 3.8+.
  • ๐Ÿ“‹ Login and password from the account Mi Account, which is tied to the vacuum cleaner.
  • ๐Ÿ“ก The vacuum cleaner must be online and connected to the same account.

Instructions:

  1. Install the script: git clone https://github.com/Maxmudjon/com.xiaomi-miio.git cd com.xiaomi-miio pip install -r requirements.txt
  2. Start to extract the token: python miio_extractor.py Enter the username (email) and password from Mi Account when requesting.
  3. The script will display a list of devices with their tokens. Find your vacuum cleaner by model (e.g. roborock.vacuum.s5).

Example of conclusion:

Device ID: 123456789




Model: roborock.vacuum.s6




Token: 9876543210abcdef9876543210abcdef




IP: 192.168.1.105

๐Ÿ’ก

If the script gives an Invalid credentials error, enable two-factor authentication in your Xiaomi account and use app token instead of a password. You can get it through this page (Security โ†’ Application Passwords section).

5. Method 4: Token through alternative applications (without PC)

If you donโ€™t have access to a computer, you can extract the token directly from your smartphone using third-party apps, a method that is suitable for Android and iOS, but requires caution (some apps may violate Xiaomiโ€™s policies).

Android apps:

  • ๐Ÿ“ฑ Mi Home Token Extractor (requires root or ADB-access).
  • ๐Ÿ” Packet Capture (for traffic analysis, as in Method 2).
  • ๐Ÿค– Tasker + Plugin Mi Home (for automatic retrieval).

Apps for iOS:

  • ๐Ÿ“ฑ HTTP Catch (to intercept traffic, requires setting up) VPN).
  • ๐Ÿ”Œ Shortcuts + Scriptable (for automating requests).

The following is a step-by-step guide for Packet Capture (Android):

  1. Install Packet Capture from Google Play.
  2. Start recording traffic and open Mi Home.
  3. Update the status of the vacuum cleaner (click on it in the list of devices).
  4. Stop recording and search for a request to api.io.mi.com.
  5. In the answer, look for the token field.

โš ๏ธ Note: iOS apps are often blocked by Apple due to usage VPN-profiles. HTTP Catch doesnโ€™t work, try using Charles Proxy on a Mac with an iPhone connected to you. USB.

6. Method 5: Token through firmware (for advanced users)

This method is suitable for vacuum cleaners with custom firmware installation (such as Valetudo or OpenMiHome) and allows you to get a token directly from the device files, but requires unlocking and firmware.

Supported models:

ModelValetudo supportA soldering iron is required.
Xiaomi Mi Robot Vacuum 1Sโœ… Yes.โŒ No, through UART)
Roborock S5/S5 Maxโœ… Yes.โŒ No.
Roborock S6/S6 Pureโœ… Yes.โš ๏ธ Partially (needs an adapter)
Mi Robot Vacuum-Mop 2 ProโŒ No (for 2026)โŒ No.

Instructions for installation of Valetudo:

  1. Download Valetudo firmware for your model from the official website.
  2. Connect to the vacuum cleaner via UART (you need a USB-to-TTL adapter and opening the case).
  3. Download the firmware through docker or manually (instructions depend on the model).
  4. After installation, open the Valetudo web interface (usually at the address). http://[IP_vacuum cleaner] and find the token in the Settings section โ†’ Mi Cloud.
What happens if you interrupt the firmware?
Interrupting the firmware process can lead to a โ€œbrickingโ€ of the vacuum cleaner (completely inoperable), in which case you will need to flash through ST-Link or contact a service center.

7.Token verification and first commands

Once you receive the token, you need to check it for performance. Use the miio-cli utility or send a test command via curl.

Installation of miio-cli:

npm install -g miio-cli

Connection check:

miio --ip 192.168.1.100 --token your info token

If the token is correct, you will see information about the vacuum cleaner:

{




"model": "roborock.vacuum.s5",




"firmware": "3.5.8_004216",




"battery": 87,




"state": "idle",




...




}

Examples of teams:

  • ๐Ÿ  Start cleaning: miio --ip 192.168.1.100 --token your vacuum token start
  • ๐Ÿ›‘ Stop cleaning: miio --ip 192.168.1.100 --token your vacuum stop token
  • ๐Ÿ”‹ Find out the level of charge: miio --ip 192.168.1.100 --token battery-token

โš ๏ธ Note: If the team returns an Invalid token error, check: ๐Ÿ”„ Correctness of the entered token (32 characters, without spaces). ๐Ÿ“ก IP-vacuum cleaner address (it can change when reconnecting to Wi-Fi). ๐Ÿ”’ Account region (Tokens for Mainland China do not work with servers in other regions). ๐Ÿ’กThe token is not a Wi-Fi password! It's only for local MiIO control. You still need to enter the vacuum cleaner to connect to the network. SSID 8. Frequent errors and solutions When dealing with tokens, users face typical problems. Here are the most common ways to solve them: Error Reason Invalid token Decision Wrong token or account region Check the token for typos. If your account is not Mainland China, use Method 2 or 3. Device not found an offline vacuum cleaner or incorrect IP Check the connection of the vacuum cleaner to Wi-Fi. Find him. IP via router or network scanning (nmap) -sn 192.168.1.0/24). Unauthorized Token is outdated or device re-linked Get a new token (after resetting or changing the account, the token changes). Token does not appear in Mi Home Account not Mainland China Use the method 2 (interception of traffic) or Method 3 (If none of the methods worked: ๐Ÿ”„ Update your vacuum cleaner firmware to the latest version (via Mi Home). ๐Ÿ“ง Contact Xiaomi Support (specify your account model and region). ๐Ÿ› ๏ธ Please visit the Home Assistant forums or 4PDA โ€” There are often laid out current tokens for popular models. FAQ: Answers to popular questions โ“ Can you use one token for multiple vacuum cleaners? No, the token is unique for each device. Even if you have two identical vacuum cleaners Xiaomi Mi Robot Vacuum S6, Everyone will have their own token. โ“ What if the token changed after the firmware update? Updating the firmware does not always lead to a change in the token, but if it did, get a new token in one of the ways described). โ“ Do these methods work for Roborock vacuum cleaners? Yes, Roborock (e.g. models) S5, S6, S7) They use the same MiIO protocol, so all the ways to get a token are applicable. 2023-2026 years (e.g. Roborock) S8 Pro Ultra, where Xiaomi has introduced additional encryption. โ“ Can you get a token without a Wi-Fi connection? No, the token is generated by Xiaomi servers when you first connect the vacuum cleaner to your account over the Internet. Without Wi-Fi, you can only control the vacuum cleaner through physical buttons on the case. โ“ Is it legal to extract the token in this way? Legally, extracting the token for personal use does not violate Xiaomiโ€™s rules, as you are working with your device, but distributing tokens or using them to hack into someone elseโ€™s vacuum cleaners is prohibited and may result in an account being blocked.