RESTful clients are free to transmit any content they wish to the server, and even try to negotiate different encoding formats like JSON instead of XML. That's part of the power of REST.
It's up to the server to validate that clients send correctly encoded data in the payload, and return a 400-range status code such as 400 - Bad Request
if they do not.
You will need to write all your server validation code yourself unless the REST API framework on the server side provides it for you.