MIME Type
// Definition
A label (e.g. application/json, image/png, text/csv) that declares the format of a file or HTTP body, carried in the Content-Type header. Testing concerns include: mismatches between the declared type and actual content (a server returning HTML with Content-Type: application/json), frontend code that trusts the extension rather than the declared type, and upload endpoints that validate MIME type purely client-side, allowing an attacker to spoof it. Test by sending requests with mismatched Content-Type headers and verifying that the server rejects or handles them safely.
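An added example, not part of the original glossary entry: a server-side check that compares the declared Content-Type with what the body bytes actually contain, which is the mismatch described above. The function names, the signature table and the allow-list are illustrative assumptions.

```python
from __future__ import annotations
import json

# Well-known leading bytes ("magic numbers") for a few binary formats.
SIGNATURES = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "image/gif": b"GIF8",
    "application/pdf": b"%PDF-",
}
# Illustrative allow-list for a hypothetical upload endpoint.
ALLOWED = {"image/png", "image/jpeg", "application/json"}


def media_type(header: str) -> str:
    """Return the bare media type from a Content-Type value (drops ;charset=...)."""
    return header.split(";", 1)[0].strip().lower()


def sniff(body: bytes) -> str | None:
    """Best-effort guess of the real format from the bytes themselves."""
    for mime, magic in SIGNATURES.items():
        if body.startswith(magic):
            return mime
    head = body[:512].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "text/html"
    try:
        json.loads(body.decode("utf-8"))
        return "application/json"
    except ValueError:  # covers UnicodeDecodeError and JSONDecodeError
        return None


def check_upload(header: str, body: bytes, allowed: set[str] = ALLOWED) -> tuple[bool, str]:
    """Accept only when the declared type is allowed AND matches the content."""
    declared = media_type(header)
    if declared not in allowed:
        return False, f"declared type {declared!r} is not allowed"
    actual = sniff(body)
    if actual != declared:
        # Fails closed: content the sniffer cannot identify is also rejected.
        return False, f"declared {declared!r} but content looks like {actual!r}"
    return True, "ok"
```

A test suite for the endpoint can call the same logic with each allowed type paired with a body of a different format and expect a rejection every time.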
// Related terms
Validation
Checking that input or output conforms to expected rules — format, range, type, length, and business constraints. Client-side validation improves UX but must never be the only defence; server-side validation is the authority. Testing validation coverage includes: boundary values, type coercion, empty and null inputs, maximum lengths, and injection-dangerous characters. Distinct from verification (did we build it correctly?), though the two terms are frequently conflated.
Schema Validation
Asserting that an API request or response matches a defined schema (JSON Schema, OpenAPI, Protobuf). Catches contract drift the moment it appears, without writing field-by-field assertions in every test.
Endpoint
A specific URL exposed by an API that accepts requests and returns responses. Defined by its path, HTTP method, and contract.