Xiaomi · Authentication Profile

Xiaomi Authentication

Authentication

Xiaomi secures its APIs with apiKey, http, and oauth2 across 3 declared security schemes, as derived from its OpenAPI definitions. OAuth 2.0 is offered via the authorizationCode flow(s).

Consumer ElectronicsIoTSmart HomeMobileArtificial IntelligenceCloud StorageMachine Learning
Methods: apiKey, http, oauth2 Schemes: 3 OAuth flows: authorizationCode API key in: header

Security Schemes

hmacAuth http
scheme: custom
apiKeyAuth apiKey
· in: header (api-key)
oauth2 oauth2
· flows: authorizationCode

Source

Authentication Profile

Raw ↑
generated: '2026-07-11'
method: derived
source: openapi/xiaomi-galaxy-fds-openapi.yml, openapi/xiaomi-mimo-api-openapi.yml, openapi/xiaomi-open-api-openapi.yml
summary:
  types:
  - apiKey
  - http
  - oauth2
  api_key_in:
  - header
  oauth2_flows:
  - authorizationCode
schemes:
- name: hmacAuth
  type: http
  scheme: custom
  description: HMAC-based signature authentication. Requests must include a Date header and
    Authorization header with HMAC-SHA1 signature.
  sources:
  - openapi/xiaomi-galaxy-fds-openapi.yml
- name: apiKeyAuth
  type: apiKey
  in: header
  parameter: api-key
  description: API key obtained from the Xiaomi MiMo console.
  sources:
  - openapi/xiaomi-mimo-api-openapi.yml
- name: oauth2
  type: oauth2
  flows:
  - flow: authorizationCode
    authorizationUrl: https://account.xiaomi.com/oauth2/authorize
    tokenUrl: https://account.xiaomi.com/oauth2/token
    scopes: 5
  sources:
  - openapi/xiaomi-open-api-openapi.yml