Owners of robotic vacuum cleaners from Xiaomi, Roborock or Viomi often face the need to obtain a special access key, known as a token, this digital ID is required for a reason: without it, it is impossible to configure local control of the device, integrate it into smart home systems like Home Assistant or use advanced third-party applications.
Users are looking for where to get a token for a Xiaomi vacuum cleaner when standard cloud connectivity methods no longer meet their automation needs, often after changing region, buying a device from a Chinese marketplace, or wanting to manage a cleanup without the Internet.
In this article, we will discuss in detail all the current ways to obtain a token, explain the difference between a device token and an account token, and consider methods for bypassing locks by region.
What is a token and why does the owner need it?
A token is a unique string of characters (usually 32 characters) that serves as an authorization key between your smartphone and a robot vacuum cleaner on a local network. Unlike cloud management, where commands go through Xiaomi servers, a local token allows you to send commands directly to the local network. IP-Device address in your Wi-Fi network.
The main reason users are looking for a way to get a token is to break their dependence on the manufacturerβs servers. If the IoT servers fall or your account is blocked, the vacuum cleaner will turn into a useless piece of plastic without this access key.
In addition, the token is necessary for:
- π Integration with Home Assistant, Node-RED, or OpenHab to create complex scenarios.
- π Manage the device from anywhere in the world without being tied to a specific region in the application.
- π οΈ Debugging and testing teams through protocol MIOT or MIIO.
It is important to understand that the token is not static forever, although in practice it rarely changes on its own. However, when you reset the Wi-Fi module of the vacuum cleaner or completely re-bind the device in the Mi Home application, the token can change and the procedure for obtaining it will have to be repeated.
β οΈ Warning: Never give your token to anyone.Knowing the token and IP-The address of your device on the local network, an attacker (for example, through malware on another device on the network) can gain full control of the vacuum cleaner.
Official method: Receipt through the Mi Home app
The easiest and safest way to find a token is to use the official Mi Home app, which developers have hidden deeper into the menu in recent versions, but is still available for most devices, a method that doesnβt require installing additional software on your computer.
First, make sure your vacuum cleaner is connected to the same Wi-Fi network as your smartphone. Open the Mi Home app, select your robot vacuum cleaner card. Next, the algorithm depends on the version of the interface, but the general path looks like this:
- Click on the three dots in the upper right corner of the screen (the device settings menu).
- Scroll down to the General Settings or Device Settings section.
- Find the item "Device Information" or "Network Information".
- The "Token" line will display the desired 32-character code.
If this item is hidden or displayed with asterisks in your application, try to switch the region of the account. Sometimes the token is only visible when you select the region "China" or "Europe", even if the device is tied to another.
What to do if the token is hidden by stars?
If you have stars or zeros in the token field, your version of the app is hiding that information. APK-Mi Home application file (versions) 5.x early 6.x), where this function was opened by default.> Alternatives: Python and Xiaomi Cloud Token Extractor When standard methods don't work, enthusiastic tools come to the rescue. The most popular and time-tested way is to use the Xiaomi Cloud Token Extractor utility. This tool allows you to extract tokens of all devices associated with your Xiaomi account directly from the cloud. To work, you will need a computer with Python installed. Don't worry, the procedure is quite simple and does not require deep knowledge of programming. First you need to install the miio library or download the ready-made script extractor from the GitHub repository. The process of obtaining a token is as follows: π₯ Download the archive with the Xiaomi Cloud Token Extractor utility. π» Launch the file. token_extractor.bat (for Windows) or a script through the terminal. π Enter the login and password from your Mi Account. π Select the device from the list (for example, roborock.vacuum.v10). The script will contact Xiaomi servers, log in and issue a list of all devices with their tokens and IP-This is one of the most reliable methods, as it works regardless of whether the vacuum cleaner is currently on or not (as long as it is linked to the account). β οΈ Note: By using third-party scripts to enter your Mi Account login and password, you are formally transferring your data to third parties.Although the open utility code can be verified, there is always a risk. One of the main reasons why users are looking for a token is the problem of regional incompatibility. Vacuum cleaners purchased on AliExpress or Gearbest are often Chinese versions (CN Version). When you try to link them to a European or Russian server in the Mi Home application, you will not be able to manage the device without the token and the correct binding. If the application says "The device is connected to another region", the standard methods for obtaining a token through settings may not work, since the device card simply does not open. In this case, the method with an emulator or a Chinese version of the application with a "Mistack" (Installer, installing the "Intra region, you install the "Intra-based" the "Intra-computer" or the "Intra-computer" version of the "Intra-computer" or the "Intra-computer" the region" or "Intra-computer" version of the "Insertor" Home". Use a login extractor script from this Chinese account to retrieve the token. The resulting token often works to manage through third-party integrations, even if the account region and devices do not formally match in your main application. However, it is better to link the device to the region it is designed for to work in order to work stably. Token reset and device retie Sometimes there is a situation when the token stops working. This can occur after resetting the router settings, changing the password from Wi-Fi or updating the vacuum cleaner. In such cases, a procedure is required to reset and reset the key to reset the Robock, or reset the network housing. This is usually the simultaneous pressing of the Home and Power button (or cleaning button) during the 5-10 So, the second that the device will beep and announce that it's going into pairing mode: π Remove the device from the Mi Home app completely. π‘ Add it back as a new device. π Get a new token by any of the methods described above. βοΈ Update the configuration to Home Assistant or other software. All integrations using the old key will stop responding until you prescribe a new one. Compatibility table and popular models Not all Xiaomi vacuum cleaners models are equally willing to give away their tokens. Some new models with the protocol MIOT More sophisticated authentication methods are required, while older models are miIO-based (like Roborock). S50 or Xiaomi Vacuum 1) very easy to manage. Below is a table of popular models and features of getting a token for them: Device Model Communication Protocol Difficulty getting a Note Xiaomi Vacuum 1 / S50 miIO Low Token is visible in older versions of Mi Home Roborock S5 Max / S6 miIO / MIOT Average Required token extractor Mop 2 MIOT High Need account with the region of the Dreame Bot L10s MIOT Device High Frequent Token Change in Failures For devices with the MIOT protocol (newer models) the command structure differs from the classic miIO Required token Token Extor Extor Extortortor tokens, if you are going to use your token token token tokens for the nature, and the tokens, the tokens, the to make sure that your Tokens are used by the token token token token tokens often use the token tokens, the tokens, the tokens are used by the tokens, and the tokens are used by the token The most common problem is the Timeout or Device offline error when you try to request a token with a script, which means that the computer running the script and the vacuum cleaner are on different subnets, or the firewall is blocking the connection. 192.168.x.x Another common mistake is the wrong username or password. Please note that if you log in through a phone number, some scripts need to specify the country code (for example, the country code, +7 for Russia or 86 for China. Try using email instead of phone number to log in to the extractor. β οΈ Note: Do not attempt to pick up a token by brute-force.This is technically impossible due to the length of the key, but may result in your temporary lock. IP-Xiaomi servers for suspicious activity. If nothing works, check if your Xiaomi account is blocked by APIs. This happens when you have too many requests. Wait 24 hours before trying again. Conclusion and security tips Getting a token for a Xiaomi vacuum cleaner is a necessary step for those who want to squeeze the most out of their smart device. Despite the apparent complexity, the process is fairly standardized and takes only a few minutes with the right tools. The main thing is to be careful when working with credentials. Use proven repositories on GitHub for scripts, do not enter the password from the main account in suspicious online service. FAQ: Frequently asked questions: Can you get a token without root rights on Android? Yes, absolutely. Most current methods, including using Python scripts on a PC or web versions of extractors, do not require root rights on a smartphone. Root is only for very old methods through the analysis of the traffic of the application itself on the phone. Will the token change if I reinstall the Mi Home app? No, the device token itself is tied to the Device - Account. Re-installing the application on the phone will not change the token. It will only change if you delete the device from the account and re-link it to the Chinese account, or if you use the token in the Chinese one, after you use the vacuum cleaner in the Chinese one, where you use the to the token. The token will work for local management regardless of your physical location. Is it safe to use third-party apps to get a token? Using open-source scripts on GitHub, such as Xiaomi Cloud Token Extractor, is considered a relatively secure community, since the code can be verified. However, the risk of passing on your login and password to third parties always remains. The best way is to create a separate Xiaomi account specifically for the smart home.