Indeed, if you control all names, you can revoke via the API. If you control fewer than all names, you have to do it via email.
Relatedly, it's risky for a hosting provider to group together names from unrelated customers on a single certificate, since any one of those customers could change their DNS and request the whole certificate be revoked. A lot of hosting providers avoid that scenario for that reason.