Skip to main content
Copilot uses Personal Access Tokens (PATs) for authentication. Every API request requires a valid token.

Getting a Token

1

Sign in to Colosseum Arena

Go to arena.colosseum.org and sign in with your account. If you don’t have one, sign up first. Any auth method works (email, Google, GitHub).
2

Open the Copilot setup page

Navigate to arena.colosseum.org/copilot. If you’re not signed in, you’ll be redirected to the sign-up page.
3

Copy your token

A token is generated automatically when the page loads. You’ll see it in a text field with a Copy button. Copy it immediately. The token is shown in full only on this page.Below the token, you’ll see a ready-to-paste export snippet for your terminal. Copy that too.
4

Store it securely

Add the token to your shell profile so it persists across sessions:
# Add to ~/.zshrc, ~/.bashrc, or equivalent
export COLOSSEUM_COPILOT_API_BASE="https://copilot.colosseum.com/api/v1"
export COLOSSEUM_COPILOT_PAT="eyJhbGciOi..."
Then reload your shell: source ~/.zshrc

Using Your Token

Pass the token as a Bearer token in the Authorization header: 
curl -X POST "$COLOSSEUM_COPILOT_API_BASE/search/projects" \
  -H "Authorization: Bearer $COLOSSEUM_COPILOT_PAT" \
  -H "Content-Type: application/json" \
  -d '{"query": "MEV protection on Solana"}'
If you’re using the Copilot skill (Claude Code, Codex, or OpenClaw), the skill reads COLOSSEUM_COPILOT_PAT automatically. You don’t need to set the header manually.
Test your token with a quick curl before configuring your coding assistant:
curl "$COLOSSEUM_COPILOT_API_BASE/filters" \
  -H "Authorization: Bearer $COLOSSEUM_COPILOT_PAT"
A successful response returns a JSON object with available filters (tracks, hackathons, clusters, etc.).

Regenerating Your Token

Tokens expire after 90 days. You can also regenerate early if needed:
  1. Go to arena.colosseum.org/copilot
  2. Click Regenerate token
  3. Confirm in the dialog. This invalidates your current token immediately
  4. Copy the new token and update your environment variables
After regenerating, any tool or script using the old token will receive 401 errors until you update it. If you suspect a token has been compromised, regenerate immediately. See API Reference for rate limits and API Reference for error codes.