# general

Christoph Oswald

05/23/2022, 2:27 PM
Hi, I am having a conceptional question. I am trying to setup a contract between two services. A (consumer) and B(provider). To secure the communication a header is injected by a running side-container, so A actually does not know about this security header. Service B however needs this header to verify the user etc, and it is always checked before handling the requests. Where would I place setting up this header? As part of the consumer-contract? Even though the application A does not really know about it or on the provider side? At the moment I would implement a state "user exists" or "user is authenticated" in the consumer pact and try to setup this header somehow in the provider. Is this the way to go?

Matt ( / pact-js / pact-go)

05/23/2022, 11:04 PM
If the consumer doesn’t know about it, it doesn’t belong in the consumer side
it sounds like a provider implementation detail, so should be part of the provider verification
Presumably, the side container must get some context from the consumer. Provider states could potential be part of the solution