A NodeJS wrapper for Tuya's cloud API

Usage no npm install needed!

<script type="module">
  import tuyapiCloud from 'https://cdn.skypack.dev/@tuyapi/cloud';


tuyapi/cloud Build Status Coverage Status XO code style

A NodeJS wrapper for Tuya's API.

At the moment, only the mobile/app API is supported as it covers the vast majority of use cases.

There are two modes of operation:

  • the 'old' API - described in the docs, using MD5 as a sign mechanism
  • the 'new' API - reverse-engineered from the TuyaSmart Android app, using HMAC-SHA256 as a sign mechanism

If you can, use the old API. Unfortunately, for some clientId/key's you must use the new API (eg. clientId used by TuyaSmart app). To use the the new API, specify apiEtVersion as an option in constructor (currently '0.0.1').

Step-by-step instructions for acquiring keys to use with the old API can be found here.

Obtaining keys for new API (additional parameters secret2 and certSign are required) involves disassembling obtained an APK file (either official app or generated "demo" app from iot.tuya.com). For details see tuya-sign-hacking repo.


npm i @tuyapi/cloud


old API (register/login and create token):

const Cloud = require('@tuyapi/cloud');

let api = new Cloud({key: 'your-api-app-key', secret: 'your-api-app-secret'});

api.register({email: 'example@example.com', password: 'example-password'}).then(async sid => {
  let token = await api.request({action: 'tuya.m.device.token.create', data: {'timeZone': '-05:00'}});

  console.log(token) // => { secret: '0000', token: '01010101' }

new API (listing all devices in all groups):

const Cloud = require('@tuyapi/cloud');

let api = new Cloud({key: apiKeys.key,
                     secret: apiKeys.secret,
                     secret2: apiKeys.secret2,
                     certSign: apiKeys.certSign,
                     apiEtVersion: '0.0.1',
                     region: 'EU'});

api.loginEx({email: myEmail, password: myPassword}).then(async sid => {

  api.request({action: 'tuya.m.location.list'}).then(async groups => {
    for (const group of groups) {
      api.request({action: 'tuya.m.my.group.device.list', gid: group.groupId}).then(async devicesArr => {
        for (const device of devicesArr) {
           console.log('group: "%s"\tdevice: "%s"\tdevId: "%s"', group.name, device.name, device.devId);



  1. After cloning, run npm i.
  2. Add a file called keys.json with the contents
  "key": "your-api-key",
  "secret": "your-api-secret"
  // for new API: add also secret2 and certSign
  1. Create a file called dev.js as a playground. Since dev.js is in .gitignore, it won't be committed.
  2. To run tests, run npm test.
  3. To output coverage, run npm run cover (it will exit with an error).
  4. To build documentation, run npm run document.