deSEC e.V. — Updating a wildcard subdomain using the IP Update API
It is possible to use the deSEC IP Update API to update a wildcard subdomain. This works basically the same as updating a normal subdomain. Just use * (asterisk) as the subdomain name in the hostname parameter, e.g. *.example.com or *.sub.example.com. See Determine Hostname.
Why would you want to do this?
If the same host provides services for more than one subdomain then using a wildcard subdomain may be easier than managing all of the individual subdomains.
Also, if you want to avoid using CNAMEs to point additional subdomains to the records updated using the IP Update API, using a wildcard subdomain may be the solution.
For example, consider a web server that serves multiple websites.
Additional considerations
When using wildcard subdomains you will probably want to use wildcard TLS certificates as well. The details are out of scope for this post, except to note that e.g. Let’s Encrypt offers the DNS-01 challenge type which can be used with deSEC by appropriate ACME clients. (See ACME clients for a list of compatible clients.)
Make sure you know how wildcard subdomains work. There are some interesting edge cases and interactions that might otherwise be a cause for confusion. See Wildcard DNS record, RFC 1034 and RFC 4592 for more information.
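The edge cases mentioned above, shown as an added example that is not part of the original post or deSEC's code: a simplified model of the RFC 4592 lookup rules run over a constructed zone. It assumes a single zone without delegations, CNAMEs or DNSSEC; the zone contents and the names `exists` and `lookup` are made up for illustration.

```python
# Constructed sample zone (owner name -> record types); not taken from the page.
APEX = "example.com"
ZONE = {
    "example.com": {"SOA", "NS"},
    "*.example.com": {"A"},                      # the record an IP update would maintain
    "www.example.com": {"TXT"},                  # exists, but owns no A record
    "_acme-challenge.dev.example.com": {"TXT"},  # makes dev.example.com an empty non-terminal
}

def exists(name, zone):
    """A name exists if it owns records or any descendant does (RFC 4592 existence rules)."""
    return name in zone or any(owner.endswith("." + name) for owner in zone)

def lookup(qname, qtype, zone=ZONE, apex=APEX):
    """Return (result, owner): owner is the name whose records answered the query."""
    qname = qname.lower().rstrip(".")
    if qname != apex and not qname.endswith("." + apex):
        return ("REFUSED", None)                 # not inside this zone
    if exists(qname, zone):
        # An existing name is never covered by a wildcard, whatever types it owns.
        return ("NOERROR", qname) if qtype in zone.get(qname, ()) else ("NODATA", None)
    # Closest encloser: the longest ancestor of qname that exists (the apex at worst).
    labels = qname.split(".")
    encloser = next(a for a in (".".join(labels[i:]) for i in range(1, len(labels)))
                    if exists(a, zone))
    source = "*." + encloser                     # source of synthesis
    if not exists(source, zone):
        return ("NXDOMAIN", None)
    return ("NOERROR", source) if qtype in zone.get(source, ()) else ("NODATA", None)

if __name__ == "__main__":
    for name in ("blog.example.com", "a.b.example.com", "example.com",
                 "www.example.com", "dev.example.com", "api.dev.example.com"):
        print(f"{name:22} A -> {lookup(name, 'A')}")
```

With this zone, the wildcard answers for blog.example.com and a.b.example.com, but not for the apex, not for www.example.com (which exists with only a TXT record), and not for anything at or below dev.example.com.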