Hello Geir,
What Jon said - and there are probably alternate ways of using the "in between" process. It could use pdm_load instead of Web Services for example.
If possible, you'd be best off capturing all of the client information in some third party system, and then creating an LDAP integration.
For example.
- All Employees would be part of an Active Directory (or similar).
Load up everyone who conceivably raise a ticket.
- All Customers will probably come through a web "sign up" form of some type, somewhere.
Have all of their details loaded up.
This way, when they do come in, they're known, and the ticket is created as normal, using their Contact details.
The other big picture item is that you would need to plan for a Denial of Service type attack, where someone could send your system a huge number of emails and create Contacts. There would need to be a guard against that from the start. This is where having that "intermediate step" is actually a good thing, as it means that authentication check has hopefully already happened.
Thanks, Kyle_R.