While we could support it via API, there’s some concern around it being a potential footgun. So automated revocation requires confirming control over all the affected domains.
There is potential abuse either way we go here, so we err on having a human in the loop on our end.