You bought a Xiaomi robot vacuum cleaner and came across the term βtokenβ (or βtoken Β«API-But you don't know what it is or where to look for it? This article will look at everything from the appearance of the token to how it is obtained and used. We will show real screenshots from the Mi Home app, explain why the token is important for integration with Home Assistant, Alice from Yandex or third-party firmware, and warn about the risks of its disclosure.
To be clear, the token is a unique numeral code that identifies your vacuum cleaner in the Xiaomi ecosystem. Without it, it is impossible to connect the device to alternative smart home systems or use advanced features through the use of a new system. API. Externally, it looks like a long string of 32 characters (digits and Latin letters in lower case), for example: a1b2c3d4e5f6...z9y8x7w6v5u4t3s2. But where to find him?
Unlike the serial number (which is usually marked on the case or box), the token cannot be seen physically β it is generated software and stored only in the Xiaomi cloud or locally in the application.
What is Xiaomi vacuum cleaner token and why you need it
A token (or API-token) is a password analog for accessing vacuum cleaner control via MiOT (Mi IoT) protocol.
- π Integrate vacuum cleaner into smart home systems (Home Assistant, OpenHab, ioBroker).
- π± Manage your device through third-party applications (such as Mi Home Alternative or Robot Vac).
- π οΈ Use advanced functions not available in the official annex (e.g., coordinate zoning).
- π£οΈ Connect voice assistants (Alice, Google Assistant) without region restrictions.
Without a token, you are limited to only the basic features in Mi Home, such as:
- β Set up automatic cleaning on schedule through Home Assistant.
- β Receive notifications about the completion of cleaning in Telegram.
- β Use alternative maps with detailed visualization.
Important: the token is tied to a specific device and Mi Account. If you dump the vacuum cleaner to the factory settings or sell it, the token will become invalid. Xiaomi can also block the token if unauthorized access is suspected (for example, if too many requests to the token are made to the token). API).
What the token looks like: format and examples
Xiaomi vacuum cleaner token is a string of 32 symbols, consisting of Latin letters (a-f) and numbers (0-9). Examples:
- 5f3e2d1c0b9a8f7e6d5c4b3a2f1e0d9c
- 1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d
- 9876543210abcdef9876543210abcdef
Please note:
- β Symbols are always in lower case (no capital letters).
- β No gaps, dashes or other dividers.
- β It is always 32 characters long β if you have shorter or longer, it is not a token.
| Characteristics | Description |
|---|---|
| Length | 32 characters |
| Register | Only the bottom (a-f, 0-9) |
| Example | a1b2c3d4e5f67a8b9c0d1e2f3a4b5c6d |
| Where it's stored | In the cloud Xiaomi or locally in Mi Home |
| Duration of validity | Before resetting the device or changing the account |
Users sometimes confuse the token with other identifiers:
- β Serial number (S/N) β It is written on the body, consists of letters and numbers, but shorter (for example, 123456789ABC).
- β MAC-address XX:XX:XX:XX:XX:XX (for example, 1A:2B:3C:4D:5E:6F).
- β ID Device (did) β a digital identifier in Mi Home (e.g. 12345678).
π‘
If you see a string that is 64 characters long, it's not a token, it's an encrypted key (for example, for firmware), and the token is always 32 characters.
Where to find a token in the Mi Home app (official way)
Since 2023, Xiaomi has hidden the tokens from users for security reasons, but they can still be extracted legally through debugging mode in Mi Home.
- Open Mi Home and go to profile (the human icon in the lower right corner).
- Press on. β Settings β About the programme.
- Tap the app version 10 times in a row until the notification βDeveloper Mode is onβ appears.
- Return to the main menu, open the device settings (vacuum cleaner) and find a new item Information for developers.
- In this section, you will have a Token string β copy it.
For iOS, the way is more complicated:
- β Requires jailbreak or special software (for example, MiToken).
- β The alternative is to use MITM-Proxies (e.g. Fiddler) to intercept traffic.
If there is no βInformation for Developersβ item:
- πΉ Update Mi Home to the latest version.
- πΉ Check that the vacuum cleaner is connected to the same account from which you logged in to the application.
- πΉ For some models (e.g. Xiaomi Mi Robot Vacuum-Mop 2 Pro), the token may be hidden β an alternative method will be required (see next section).
βοΈ Preparation for the extraction of the token
Alternative ways to get a token (if it is not in the Mi Home)
If the official method didnβt work, try these options:
1. via the Mi Account web interface
Go to account.xiaomi.com, log in and:
- Open the devices. β Your vacuum cleaner.
- Press Settings β Additionally.
- V URL-The address of the page will be the did parameter=... β it ID It can be used to generate a token through API.
2. With Python script (for advanced ones)
Install a python-miio library and do:
from miio import Vacuum
vacuum = Vacuum(ip="192.168.1.100", token="YOUR_TOKEN_HERE")
print(vacuum.info())Replace 192.168.1.100 with IP-address of your vacuum cleaner in the local network.
3. Through parser applications
Applications like Mi Token Extractor (Android) or Token Grabber (Windows) automatically extract the token from Mi Home traffic.
- β οΈ The possibility of transferring data to third parties.
- β οΈ Blocking your account with frequent requests.
What to do if the token does not work?
Risks and security: what happens if the token falls into the wrong hands
The token gives you complete control of your vacuum cleaner, and if it's stolen, the intruder can:
- π¨ Start/stop cleaning at any time.
- π Get a map of your home (with the layout of walls and furniture).
- π Turn on voice alerts or sounds.
- π Update the firmware of the device (potentially βbrickβ it).
β οΈ Warning: Never publish a token in open sources (forums, GitHub, chats). Use environment variables or encrypted storage to integrate with Home Assistant.
How to defend yourself:
- π Store the token in a password manager (e.g., KeePass or Bitwarden).
- π Change your Mi Account password regularly (this will reset all active tokens).
- π‘οΈ Set up two-factor authentication in Mi Account.
- π΅ Limit access to the vacuum cleaner on the local network (for example, through router rules).
If you suspect a token leak:
- Change your password from your Mi Account immediately.
- Reset the vacuum cleaner to factory settings (Settings) β Reset at Mi Home).
- Create a new token (it is generated automatically after a reset).
π‘
A token is like a key to your apartment, but for a vacuum cleaner. Keep it as carefully as real keys.
Examples of Token Use: From Home Assistant to Alice
Letβs consider the popular scenarios of the use of the token.
1.Integration with Home Assistant
Add to the configuration.yaml file:
vacuum:
- platform: xiaomi_miio
host: 192.168.1.100
token: YOUR_TOKEN_HERE2. Management through Alice (Yandex)
In the settings of the skill "Xiaomi" in the Yandex application, specify:
- IP-vacuum-dress.
- Token.
- Model of device (e.g, roborock.vacuum.a1).
3. Alternative applications (e.g. Robot Vac)
When you first connect, enter:
- IP-vacuum cleaner address (find in router or via Mi Home).
- Token.
- Region (usually cn for China or ru for Russia)
| Service | What can I do? | Example of team |
|---|---|---|
| Home Assistant | Automatic cleaning on schedule | automation: trigger: platform: time pattern: "08:00:00" action: service: vacuum.start entity_id: vacuum.xiaomi_vacuum |
| Alice. | Voice-activated cleaning | "Alice, run the vacuum cleaner in the living room." |
| Robot Vac | Zoning by coordinates | Set the zone: [20000,20000,25000,25000] |
miio --ip 192.168.1.100 --token YOUR_TOKEN infoIf the team returns information about the vacuum cleaner (model, charge, status) β the token works.-->
Frequent mistakes and how to fix them
If the token does not work, check:
β οΈ Attention: Device not found often means that the vacuum cleaner and the device you are sending the command from are on different networks.
| Mistake. | Reason. | Decision |
|---|---|---|
| Invalid token | Wrong token or dropped account | Get a new token (see section above) |
| Device offline | The vacuum cleaner's off the grid. | Check the Wi-Fi connection on the vacuum cleaner |
| Unsupported device | The wrong model in the configuration | Please indicate the correct do or model. |
| Too many requests | Exceeded the limit of requests to the API | Wait 10-15 minutes or change the token |
If the vacuum cleaner does not respond to commands:
- Reboot it (hold the power button for 5 seconds).
- Check if the router firewall is blocking traffic to port 54321 (used for MiOT).
- Update the vacuum cleaner firmware through Mi Home.