Your routers wouldn't speak HTTP. Your web service endpoint would talk to your network management middleware, which would then issue your respective IOS/NXOS/JunOS commands to your core or edge gear.
You'd grant your customers the ability to null route traffic from IP blocks (/24 or larger, because ain't nobody got memory to route blocks smaller than that in IPv4) so they wouldn't saturate their links with useless traffic. There was a discussion on the North American Network Operators Group (NANOG) mailing list a few weeks ago.
Disclaimer: I have operated large-scale networks for over a decade.
Sorry, but I call shenanigans on your having operated a large-scale network.
Every carrier worth its salt will already let you use blackhole communities to mitigate attacks. You tag it, it gets dropped at the edge of your upstreams' networks. Simple and effective. You don't need a web service or middleware for any of this.
Also, a route and netmask (generally) take exactly the same amount of memory regardless of the size of the network you're covering.
Routers shouldn't speak HTTP. People who don't know how to use blackhole communities have no business controlling them.
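The provider-side check behind "you tag it, it gets dropped at the edge", as an added example that is not part of the thread or any carrier's code. It assumes the well-known BLACKHOLE community 65535:666 from RFC 7999 as the tag (carriers publish their own values), a /24 and /48 limit for ordinary routes, and constructed documentation prefixes; `evaluate` and `Decision` are hypothetical names.

```python
import ipaddress
from dataclasses import dataclass

BLACKHOLE = (65535, 666)         # well-known BLACKHOLE community (RFC 7999)
NO_EXPORT = (65535, 65281)       # well-known NO_EXPORT community (RFC 1997)
MAX_NORMAL_LEN = {4: 24, 6: 48}  # assumed length limit for ordinary routes

@dataclass
class Decision:
    action: str                  # "discard", "forward" or "reject"
    reason: str
    communities: frozenset = frozenset()

def evaluate(prefix, communities, customer_prefixes):
    """Decide what a provider edge does with one customer announcement."""
    try:
        net = ipaddress.ip_network(prefix, strict=True)
    except ValueError as exc:
        return Decision("reject", f"malformed prefix: {exc}")
    owned = [ipaddress.ip_network(p) for p in customer_prefixes]
    # A customer may only signal for space registered to it; otherwise the
    # tag would let it drop traffic destined for someone else's addresses.
    if not any(net.version == o.version and net.subnet_of(o) for o in owned):
        return Decision("reject", "prefix not within customer's registered space")
    tags = frozenset(communities)
    if BLACKHOLE in tags:
        # Host routes are accepted here: the route points at discard and is
        # kept inside the provider by adding NO_EXPORT.
        return Decision("discard", "blackhole requested", tags | {NO_EXPORT})
    if net.prefixlen > MAX_NORMAL_LEN[net.version]:
        return Decision("reject", "too specific for an ordinary route")
    return Decision("forward", "ordinary route", tags)

# Constructed sample data (documentation address ranges).
CUSTOMER = ["203.0.113.0/24", "2001:db8:40::/48"]
SAMPLES = [
    ("203.0.113.7/32", [BLACKHOLE]),   # customer blackholes one attacked host
    ("203.0.113.7/32", []),            # same host route without the tag
    ("198.51.100.9/32", [BLACKHOLE]),  # tag on space the customer does not hold
    ("203.0.113.0/24", []),            # ordinary announcement
]

if __name__ == "__main__":
    for prefix, comms in SAMPLES:
        d = evaluate(prefix, comms, CUSTOMER)
        print(f"{prefix:18} {d.action:8} {d.reason}")
```

The ownership check runs before the community is honoured, so a tagged route for address space outside the customer's registration is rejected rather than blackholed.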