Yes, Mime types are the recommended method. Since that's what all User Agents (browsers, etc) do, you can depend on it for default behavior.
By "magic bits" if you mean parsing the file header structures - yes, you could do that as an additional step if your risk is high i.e., your threat model involves a step where attackers upload a malicious file and that leads to some weakness. It clearly involves additional work on your part (consuming CPU cycles, thus increasing cost) that you should do only when the benefit is "worth it".
There is also the possibility of using file name extensions (e.g., .pdf for PDF format, .jpg / .jpeg for JPEG format, etc.) to detect file types (used quite often) - but again, this is slightly less reliable (my opinion, not proven fact) than using mime types.