diff --git a/backend/api.go b/backend/api.go
index eeaa1f1..d9d73c3 100644
--- a/backend/api.go
+++ b/backend/api.go
@@ -17,8 +17,15 @@ type ApiHandler struct {
 
 const authTokenCookieName = "auth-token"
 const isAuthorizedContextKey = "is-authorized"
+const contentTypeHeaderKey = "Content-Type"
+const JsonMimeType = "application/json"
 
 func (h *ApiHandler) ServeLoginPost(writer http.ResponseWriter, request *http.Request) {
+	if !HasContentType(request, JsonMimeType) {
+		WriteError(writer, http.StatusBadRequest, "expected json body", nil)
+		return
+	}
+
 	bodyReader := request.Body
 	body, err := io.ReadAll(bodyReader)
 	_ = bodyReader.Close()
@@ -108,7 +115,7 @@ func IsAuthorized(request *http.Request) bool {
 }
 
 func WriteResponse(writer http.ResponseWriter, code int, body any) {
-	writer.Header().Set("Content-Type", "application/json")
+	writer.Header().Set(contentTypeHeaderKey, "application/json")
 	writer.WriteHeader(code)
 	_ = json.NewEncoder(writer).Encode(body)
 }
@@ -122,3 +129,8 @@ func WriteError(writer http.ResponseWriter, code int, message string, err error)
 		"message": message,
 	})
 }
+
+func HasContentType(request *http.Request, mimeType string) bool {
+	contentType := request.Header.Get(contentTypeHeaderKey)
+	return contentType == mimeType
+}