> ## Documentation Index
> Fetch the complete documentation index at: https://docs.colosseum.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Copilot API using Personal Access Tokens

Copilot uses Personal Access Tokens (PATs) for authentication. Every API request requires a valid token.

## Getting a Token

<Steps>
  <Step title="Sign in to Colosseum Arena">
    Go to [arena.colosseum.org](https://arena.colosseum.org) and sign in with your account. If you don't have one, sign up first. Any auth method works (email, Google, GitHub).
  </Step>

  <Step title="Open the Copilot setup page">
    Navigate to [arena.colosseum.org/copilot](https://arena.colosseum.org/copilot). If you're not signed in, you'll be redirected to the sign-up page.
  </Step>

  <Step title="Generate and copy your token">
    Click **Generate your token**. The token appears once — copy it immediately using the **Copy** button. The full token is only shown on this page.

    Below the token, you'll see a ready-to-paste `export` snippet for your terminal. Copy that too.
  </Step>

  <Step title="Store it securely">
    Add the token to your shell profile so it persists across sessions:

    ```bash theme={null}
    # Add to ~/.zshrc, ~/.bashrc, or equivalent
    export COLOSSEUM_COPILOT_API_BASE="https://copilot.colosseum.com/api/v1"
    export COLOSSEUM_COPILOT_PAT="eyJhbGciOi..."
    ```

    Then reload your shell: `source ~/.zshrc`
  </Step>
</Steps>

## Using Your Token

Pass the token as a Bearer token in the `Authorization` header:

```bash theme={null}
curl -X POST "$COLOSSEUM_COPILOT_API_BASE/search/projects" \
  -H "Authorization: Bearer $COLOSSEUM_COPILOT_PAT" \
  -H "Content-Type: application/json" \
  -d '{"query": "MEV protection on Solana"}'
```

If you're using the Copilot skill (Claude Code, Codex, or OpenClaw), the skill reads `COLOSSEUM_COPILOT_PAT` automatically. You don't need to set the header manually.

<Tip>
  Test your token with a quick `curl` before configuring your coding assistant:

  ```bash theme={null}
  curl "$COLOSSEUM_COPILOT_API_BASE/filters" \
    -H "Authorization: Bearer $COLOSSEUM_COPILOT_PAT"
  ```

  A successful response returns a JSON object with available filters (tracks, hackathons, clusters, etc.).
</Tip>

## Regenerating Your Token

Tokens expire after 90 days. You can also regenerate early if needed:

1. Go to [arena.colosseum.org/copilot](https://arena.colosseum.org/copilot)
2. Click **Regenerate token**
3. Confirm in the dialog. This **invalidates your current token immediately**
4. Copy the new token and update your environment variables

After regenerating, any tool or script using the old token will receive `401` errors until you update it. If you suspect a token has been compromised, regenerate immediately.

See [API Reference](/copilot/api-reference#rate-limits) for rate limits and [API Reference](/copilot/api-reference#error-handling) for error codes.