That's interesting. Normally API calls are by definition UTF-8, so I'm curious about your ISO8859 requirement.
If you want to just reject these message, if the message content type is set correctly, and you force a parse of the message, the forced parse will fail if the characters are outside the charset.
There are several ways to force a message parse: Schema validation is the strongest for XML type messages. For JSON type messages, you can do json schema as well. For raw text, it might be a bit harder. I think a couple of set context variable assertions, coercing the message into having an ISO8859-1 or -15 content-type would work.