diff --git a/api/api.yaml b/api/api.yaml
index ed387a3..0c17f4d 100644
--- a/api/api.yaml
+++ b/api/api.yaml
@@ -27,6 +27,13 @@ info:
       <li>no whitespace</li>
       <li>at least 8 characters</li>
     </ul>
+  x-doc: |
+    status:
+    <ul>
+      <li>-10: deleted</li>
+      <li>0: newly added/changed</li>
+      <li>10: validated</li>
+    </ul>
 # TODO: Link to new documentation page
 
 
diff --git a/api/measurement.yaml b/api/measurement.yaml
index 53fe973..4386a15 100644
--- a/api/measurement.yaml
+++ b/api/measurement.yaml
@@ -22,8 +22,9 @@
       500:
         $ref: 'api.yaml#/components/responses/500'
   put:
-    summary: TODO change measurement
+    summary: change measurement
     description: 'Auth: basic, levels: write, maintain, dev, admin'
+    x-doc: status is reset to 0 on any changes
     tags:
       - /measurement
     security:
@@ -33,7 +34,9 @@
       content:
         application/json:
           schema:
-            $ref: 'api.yaml#/components/schemas/Measurement'
+            properties:
+              values:
+                type: object
     responses:
       200:
         description: measurement details
@@ -52,7 +55,7 @@
       500:
         $ref: 'api.yaml#/components/responses/500'
   delete:
-    summary: TODO delete measurement
+    summary: delete measurement
     description: 'Auth: basic, levels: write, maintain, dev, admin'
     tags:
       - /measurement
@@ -74,7 +77,7 @@
 
 /measurement/new:
   post:
-    summary: TODO add measurement
+    summary: add measurement
     description: 'Auth: basic, levels: write, maintain, dev, admin'
     x-doc: 'Adds status: 0 automatically'
     tags:
diff --git a/package-lock.json b/package-lock.json
index 839b669..4629b37 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -137,6 +137,12 @@
         "@types/range-parser": "*"
       }
     },
+    "@types/lodash": {
+      "version": "4.14.150",
+      "resolved": "https://registry.npmjs.org/@types/lodash/-/lodash-4.14.150.tgz",
+      "integrity": "sha512-kMNLM5JBcasgYscD9x/Gvr6lTAv2NVgsKtet/hm93qMyf/D1pt+7jeEZklKJKxMVmXjxbRVQQGfqDSfipYCO6w==",
+      "dev": true
+    },
     "@types/mime": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/@types/mime/-/mime-2.0.1.tgz",
@@ -1345,8 +1351,7 @@
     "lodash": {
       "version": "4.17.15",
       "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.15.tgz",
-      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A==",
-      "dev": true
+      "integrity": "sha512-8xOcRHvCjnocdS5cpwXQXVzmmh5e5+saE2QGoeQmbKmRS6J3VQppPOIt0MnmE+4xlZoumy0GPG0D0MVIQbNA1A=="
     },
     "log-symbols": {
       "version": "3.0.0",
diff --git a/package.json b/package.json
index 9a69ea2..e58c0a0 100644
--- a/package.json
+++ b/package.json
@@ -32,6 +32,7 @@
     "content-filter": "^1.1.2",
     "express": "^4.17.1",
     "json-schema": "^0.2.5",
+    "lodash": "^4.17.15",
     "mongo-sanitize": "^1.1.0",
     "mongoose": "^5.8.7",
     "nodemon": "^2.0.3",
@@ -40,6 +41,7 @@
     "typescript": "^3.7.4"
   },
   "devDependencies": {
+    "@types/lodash": "^4.14.150",
     "mocha": "^7.1.2",
     "should": "^13.2.3",
     "supertest": "^4.0.2"
diff --git a/src/index.ts b/src/index.ts
index 0c67dac..fc1b149 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -49,6 +49,7 @@ app.use('/', require('./routes/material'));
 app.use('/', require('./routes/template'));
 app.use('/', require('./routes/user'));
 app.use('/', require('./routes/condition'));
+app.use('/', require('./routes/measurement'));
 
 // static files
 app.use('/static', express.static('static'));
diff --git a/src/models/measurement.ts b/src/models/measurement.ts
new file mode 100644
index 0000000..401103b
--- /dev/null
+++ b/src/models/measurement.ts
@@ -0,0 +1,12 @@
+import mongoose from 'mongoose';
+import ConditionModel from './condition';
+import MeasurementTemplateModel from './measurement_template';
+
+const MeasurementSchema = new mongoose.Schema({
+  condition_id: {type: mongoose.Schema.Types.ObjectId, ref: ConditionModel},
+  values: mongoose.Schema.Types.Mixed,
+  status: Number,
+  measurement_template: {type: mongoose.Schema.Types.ObjectId, ref: MeasurementTemplateModel}
+});
+
+export default mongoose.model('measurement', MeasurementSchema);
\ No newline at end of file
diff --git a/src/routes/condition.spec.ts b/src/routes/condition.spec.ts
index 5884b2e..ec71ac3 100644
--- a/src/routes/condition.spec.ts
+++ b/src/routes/condition.spec.ts
@@ -1,7 +1,7 @@
 import should from 'should/as-function';
 import ConditionModel from '../models/condition';
 import TestHelper from "../test/helper";
-
+// TODO: status
 
 describe('/condition', () => {
   let server;
@@ -184,7 +184,7 @@ describe('/condition', () => {
         req: {parameters: {material: 'hot air', weeks: 10}}
       });
     });
-    it('rejects requests form a read user', done => {
+    it('rejects requests from a read user', done => {
       TestHelper.request(server, done, {
         method: 'put',
         url: '/condition/700000000000000000000001',
diff --git a/src/routes/condition.ts b/src/routes/condition.ts
index 687ea2a..a5639e6 100644
--- a/src/routes/condition.ts
+++ b/src/routes/condition.ts
@@ -48,8 +48,7 @@ router.put('/condition/' + IdValidate.parameter(), async (req, res, next) => {
   }
   if (!await treatmentCheck(condition, 'change', res, next)) return;
 
-  console.log(condition);
-  ConditionModel.findByIdAndUpdate(req.params.id, condition, {new: true}).lean().exec((err, data) => {
+  await ConditionModel.findByIdAndUpdate(req.params.id, condition, {new: true}).lean().exec((err, data) => {
     if (err) return next(err);
     res.json(ConditionValidate.output(data));
   });
@@ -64,7 +63,7 @@ router.delete('/condition/' + IdValidate.parameter(), (req, res, next) => {
       res.status(404).json({status: 'Not found'});
     }
     if (!await sampleIdCheck(data, req, res, next)) return;
-    ConditionModel.findByIdAndDelete(req.params.id).lean().exec(async err => {
+    await ConditionModel.findByIdAndDelete(req.params.id).lean().exec(async err => {
       if (err) return next(err);
       res.json({status: 'OK'});
     });
@@ -81,7 +80,7 @@ router.post('/condition/new', async (req, res, next) => {
   if (!await numberCheck(condition, res, next)) return;
   if (!await treatmentCheck(condition, 'new', res, next)) return;
 
-  new ConditionModel(condition).save((err, data) => {
+  await new ConditionModel(condition).save((err, data) => {
     if (err) return next(err);
     res.json(ConditionValidate.output(data.toObject()));
   });
@@ -113,7 +112,7 @@ async function numberCheck (condition, res, next) {  // validate number, returns
 
 async function treatmentCheck (condition, param, res, next) {
   const treatmentData = await TreatmentTemplateModel.findById(condition.treatment_template).lean().exec().catch(err => {next(err); return false;}) as any;
-  if (!treatmentData) {  // sample_id not found
+  if (!treatmentData) {  // template not found
     res.status(400).json({status: 'Treatment template not available'});
     return false
   }
diff --git a/src/routes/material.spec.ts b/src/routes/material.spec.ts
index 1e7e7ff..59bdd4a 100644
--- a/src/routes/material.spec.ts
+++ b/src/routes/material.spec.ts
@@ -1,7 +1,7 @@
 import should from 'should/as-function';
 import MaterialModel from '../models/material';
 import TestHelper from "../test/helper";
-
+// TODO: status
 
 describe('/material', () => {
   let server;
diff --git a/src/routes/material.ts b/src/routes/material.ts
index c6f0c60..fdb0c47 100644
--- a/src/routes/material.ts
+++ b/src/routes/material.ts
@@ -1,4 +1,5 @@
 import express from 'express';
+import _ from 'lodash';
 
 import MaterialValidate from './validate/material';
 import MaterialModel from '../models/material'
@@ -15,7 +16,7 @@ router.get('/materials', (req, res, next) => {
 
   MaterialModel.find({}).lean().exec((err, data) => {
     if (err) return next(err);
-    res.json(data.map(e => MaterialValidate.output(e)).filter(e => e !== null));  // validate all and filter null values from validation errors
+    res.json(_.compact(data.map(e => MaterialValidate.output(e))));  // validate all and filter null values from validation errors
   });
 });
 
diff --git a/src/routes/measurement.spec.ts b/src/routes/measurement.spec.ts
new file mode 100644
index 0000000..bba7ca8
--- /dev/null
+++ b/src/routes/measurement.spec.ts
@@ -0,0 +1,508 @@
+import should from 'should/as-function';
+import MeasurementModel from '../models/measurement';
+import TestHelper from "../test/helper";
+
+describe('/measurement', () => {
+  let server;
+  before(done => TestHelper.before(done));
+  beforeEach(done => server = TestHelper.beforeEach(server, done));
+  afterEach(done => TestHelper.afterEach(server, done));
+
+  describe('GET /mesurement/{id}', () => {
+    it('returns the right measurement', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+        res: {_id: '800000000000000000000001', condition_id: '700000000000000000000001', values: {dpt: [[3997.12558,98.00555],[3995.08519,98.03253],[3993.04480,98.02657]]}, measurement_template: '300000000000000000000001'}
+      });
+    });
+    it('returns the measurement for an API key', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/measurement/800000000000000000000001',
+        auth: {key: 'janedoe'},
+        httpStatus: 200,
+        res: {_id: '800000000000000000000001', condition_id: '700000000000000000000001', values: {dpt: [[3997.12558,98.00555],[3995.08519,98.03253],[3993.04480,98.02657]]}, measurement_template: '300000000000000000000001'}
+      });
+    });
+    it('rejects an invalid id', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/measurement/8000000000h0000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404
+      });
+    });
+    it('rejects an unknown id', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/measurement/000000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404
+      });
+    });
+    it('rejects unauthorized requests', done => {
+      TestHelper.request(server, done, {
+        method: 'get',
+        url: '/measurement/800000000000000000000001',
+        httpStatus: 401
+      });
+    });
+  });
+
+  describe('PUT /measurement/{id}', () => {
+    it('returns the right measurement', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+        req: {},
+        res: {_id: '800000000000000000000001', condition_id: '700000000000000000000001', values: {dpt: [[3997.12558,98.00555],[3995.08519,98.03253],[3993.04480,98.02657]]}, measurement_template: '300000000000000000000001'}
+      });
+    });
+    it('keeps unchanged values', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+        req: {values: {dpt: [[3997.12558,98.00555],[3995.08519,98.03253],[3993.04480,98.02657]]}}
+      }).end((err, res) => {
+        if (err) return done(err);
+        should(res.body).be.eql({_id: '800000000000000000000001', condition_id: '700000000000000000000001', values: {dpt: [[3997.12558,98.00555],[3995.08519,98.03253],[3993.04480,98.02657]]}, measurement_template: '300000000000000000000001'});
+        MeasurementModel.findById('800000000000000000000001').lean().exec((err, data: any) => {
+          should(data).have.property('status', 10);
+          done();
+        });
+      });
+    });
+    it('changes the given values', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+        req: {values: {dpt: [[1,2],[3,4],[5,6]]}}
+      }).end((err, res) => {
+        if (err) return done(err);
+        should(res.body).be.eql({_id: '800000000000000000000001', condition_id: '700000000000000000000001', values: {dpt: [[1,2],[3,4],[5,6]]}, measurement_template: '300000000000000000000001'});
+        MeasurementModel.findById('800000000000000000000001').lean().exec((err, data: any) => {
+          should(data).have.only.keys('_id', 'condition_id', 'values', 'measurement_template', 'status', '__v');
+          should(data.condition_id.toString()).be.eql('700000000000000000000001');
+          should(data.measurement_template.toString()).be.eql('300000000000000000000001');
+          should(data).have.property('status', 0);
+          should(data).have.property('values');
+          should(data.values).have.property('dpt', [[1,2],[3,4],[5,6]]);
+          done();
+        });
+      });
+    });
+    it('allows changing only one value', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000002',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+        req: {values: {'weight %': 0.9}},
+        res: {_id: '800000000000000000000002', condition_id: '700000000000000000000002', values: {'weight %': 0.9, 'standard deviation': 0.2}, measurement_template: '300000000000000000000002'}
+      });
+    });
+    it('rejects not specified values', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000002',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {values: {'weight %': 0.9, 'standard deviation': 0.3, xx: 44}},
+        res: {status: 'Invalid body format', details: '"xx" is not allowed'}
+      });
+    });
+    it('rejects a value not in the value range', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000003',
+        auth: {basic: 'admin'},
+        httpStatus: 400,
+        req: {values: {val1: 4}},
+        res: {status: 'Invalid body format', details: '"val1" must be one of [1, 2, 3]'}
+      });
+    });
+    it('rejects a value below minimum range', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000002',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {values: {'weight %': -1, 'standard deviation': 0.3}},
+        res: {status: 'Invalid body format', details: '"weight %" must be larger than or equal to 0'}
+      });
+    });
+    it('rejects a value above maximum range', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000002',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {values: {'weight %': 0.9, 'standard deviation': 3}},
+        res: {status: 'Invalid body format', details: '"standard deviation" must be less than or equal to 0.5'}
+      });
+    });
+    it('rejects a new measurement template', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000002',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {values: {'weight %': 0.9, 'standard deviation': 0.3}, measurement_template: '300000000000000000000001'},
+        res: {status: 'Invalid body format', details: '"measurement_template" is not allowed'}
+      });
+    });
+    it('rejects editing a measurement for a write user who did not create this measurement', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000003',
+        auth: {basic: 'janedoe'},
+        httpStatus: 403,
+        req: {values: {val1: 2}}
+      });
+    });
+    it('accepts editing a measurement of another user for a maintain/admin user', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000002',
+        auth: {basic: 'admin'},
+        httpStatus: 200,
+        req: {values: {'weight %': 0.9, 'standard deviation': 0.3}},
+        res: {_id: '800000000000000000000002', condition_id: '700000000000000000000002', values: {'weight %': 0.9, 'standard deviation': 0.3}, measurement_template: '300000000000000000000002'}
+      });
+    });
+    it('rejects an invalid id', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000h00000000000002',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404
+      });
+    });
+    it('rejects an unknown id', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/000000000000000000000002',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404
+      });
+    });
+    it('rejects an API key', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000002',
+        auth: {key: 'janedoe'},
+        httpStatus: 401,
+        req: {values: {'weight %': 0.9, 'standard deviation': 0.3}},
+      });
+    });
+    it('rejects requests from a read user', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000002',
+        auth: {basic: 'user'},
+        httpStatus: 403,
+        req: {values: {'weight %': 0.9, 'standard deviation': 0.3}},
+      });
+    });
+    it('rejects unauthorized requests', done => {
+      TestHelper.request(server, done, {
+        method: 'put',
+        url: '/measurement/800000000000000000000002',
+        httpStatus: 401,
+        req: {values: {'weight %': 0.9, 'standard deviation': 0.3}},
+      });
+    });
+  });
+
+  describe('DELETE /measurement/{id}', () => {
+    it('sets the status to deleted', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+      }).end((err, res) => {
+        if (err) return done(err);
+        should(res.body).be.eql({status: 'OK'});
+        MeasurementModel.findById('800000000000000000000001').lean().exec((err, data) => {
+          if (err) return done(err);
+          should(data).have.property('status', -1);
+          done();
+        });
+      });
+    });
+    it('rejects an API key', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {key: 'janedoe'},
+        httpStatus: 401,
+      });
+    });
+    it('rejects requests from a read user', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'user'},
+        httpStatus: 403,
+      });
+    });
+    it('rejects deleting a measurement for a write user who did not create this measurement', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000003',
+        auth: {basic: 'janedoe'},
+        httpStatus: 403,
+      });
+    });
+    it('accepts deleting a measurement of another user for a maintain/admin user', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        auth: {basic: 'admin'},
+        httpStatus: 200,
+        res: {status: 'OK'}
+      });
+    });
+    it('rejects an invalid id', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000h00000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404,
+      });
+    });
+    it('rejects an unknown id', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/000000000000000000000001',
+        auth: {basic: 'janedoe'},
+        httpStatus: 404,
+      });
+    });
+    it('rejects unauthorized requests', done => {
+      TestHelper.request(server, done, {
+        method: 'delete',
+        url: '/measurement/800000000000000000000001',
+        httpStatus: 401,
+      });
+    });
+  });
+
+  describe('POST /measurement/new', () => {
+    it('returns the right measurement', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '300000000000000000000002'}
+      }).end((err, res) => {
+        if (err) return done(err);
+        should(res.body).have.only.keys('_id', 'condition_id', 'values', 'measurement_template');
+        should(res.body).have.property('_id').be.type('string');
+        should(res.body).have.property('condition_id', '700000000000000000000001');
+        should(res.body).have.property('measurement_template', '300000000000000000000002');
+        should(res.body).have.property('values');
+        should(res.body.values).have.property('weight %', 0.8);
+        should(res.body.values).have.property('standard deviation', 0.1);
+        done();
+      });
+    });
+    it('stores the measurement', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 200,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '300000000000000000000002'}
+      }).end((err, res) => {
+        if (err) return done(err);
+        MeasurementModel.findById(res.body._id).lean().exec((err, data: any) => {
+          if (err) return done(err);
+          should(data).have.only.keys('_id', 'condition_id', 'values', 'measurement_template', 'status', '__v');
+          should(data.condition_id.toString()).be.eql('700000000000000000000001');
+          should(data.measurement_template.toString()).be.eql('300000000000000000000002');
+          should(data).have.property('status', 0);
+          should(data).have.property('values');
+          should(data.values).have.property('weight %', 0.8);
+          should(data.values).have.property('standard deviation', 0.1);
+          done();
+        });
+      });
+    });
+    it('rejects an invalid condition id', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {condition_id: '700000000000h00000000001', values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '300000000000000000000002'},
+        res: {status: 'Invalid body format', details: '"condition_id" with value "700000000000h00000000001" fails to match the required pattern: /[0-9a-f]{24}/'}
+      });
+    });
+    it('rejects a condition id not available', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {condition_id: '000000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '300000000000000000000002'},
+        res: {status: 'Condition id not available'}
+      });
+    });
+    it('rejects an invalid measurement_template id', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '30000000000h000000000002'},
+        res: {status: 'Invalid body format', details: '"measurement_template" with value "30000000000h000000000002" fails to match the required pattern: /[0-9a-f]{24}/'}
+      });
+    });
+    it('rejects a measurement_template not available', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '000000000000000000000002'},
+        res: {status: 'Measurement template not available'}
+      });
+    });
+    it('rejects not specified values', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 0.1, xx: 44}, measurement_template: '300000000000000000000002'},
+        res: {status: 'Invalid body format', details: '"xx" is not allowed'}
+      });
+    });
+    it('rejects missing values', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8}, measurement_template: '300000000000000000000002'},
+        res: {status: 'Invalid body format', details: '"standard deviation" is required'}
+      });
+    });
+    it('rejects a value not in the value range', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {condition_id: '700000000000000000000001', values: {val1: 4}, measurement_template: '300000000000000000000003'},
+        res: {status: 'Invalid body format', details: '"val1" must be one of [1, 2, 3]'}
+      });
+    });
+    it('rejects a value below minimum range', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': -1, 'standard deviation': 0.1}, measurement_template: '300000000000000000000002'},
+        res: {status: 'Invalid body format', details: '"weight %" must be larger than or equal to 0'}
+      });
+    });
+    it('rejects a value above maximum range', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 2}, measurement_template: '300000000000000000000002'},
+        res: {status: 'Invalid body format', details: '"standard deviation" must be less than or equal to 0.5'}
+      });
+    });
+    it('rejects a missing condition id', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '300000000000000000000002'},
+        res: {status: 'Invalid body format', details: '"condition_id" is required'}
+      });
+    });
+    it('rejects a missing measurement_template', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 400,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 0.1}},
+        res: {status: 'Invalid body format', details: '"measurement_template" is required'}
+      });
+    });
+    it('rejects adding a measurement to the sample of another user for a write user', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'janedoe'},
+        httpStatus: 403,
+        req: {condition_id: '700000000000000000000003', values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '300000000000000000000002'}
+      });
+    });
+    it('accepts adding a measurement to the sample of another user for a maintain/admin user', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'admin'},
+        httpStatus: 200,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '300000000000000000000002'}
+      }).end((err, res) => {
+        if (err) return done(err);
+        should(res.body).have.only.keys('_id', 'condition_id', 'values', 'measurement_template');
+        should(res.body).have.property('_id').be.type('string');
+        should(res.body).have.property('condition_id', '700000000000000000000001');
+        should(res.body).have.property('measurement_template', '300000000000000000000002');
+        should(res.body).have.property('values');
+        should(res.body.values).have.property('weight %', 0.8);
+        should(res.body.values).have.property('standard deviation', 0.1);
+        done();
+      });
+    });
+    it('rejects an API key', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {key: 'janedoe'},
+        httpStatus: 401,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '300000000000000000000002'}
+      });
+    });
+    it('rejects requests from a read user', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        auth: {basic: 'user'},
+        httpStatus: 403,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '300000000000000000000002'}
+      });
+    });
+    it('rejects unauthorized requests', done => {
+      TestHelper.request(server, done, {
+        method: 'post',
+        url: '/measurement/new',
+        httpStatus: 401,
+        req: {condition_id: '700000000000000000000001', values: {'weight %': 0.8, 'standard deviation': 0.1}, measurement_template: '300000000000000000000002'}
+      });
+    });
+  });
+});
\ No newline at end of file
diff --git a/src/routes/measurement.ts b/src/routes/measurement.ts
new file mode 100644
index 0000000..85bea0e
--- /dev/null
+++ b/src/routes/measurement.ts
@@ -0,0 +1,116 @@
+import express from 'express';
+import _ from 'lodash';
+
+import MeasurementModel from '../models/measurement';
+import ConditionModel from '../models/condition';
+import MeasurementTemplateModel from '../models/measurement_template';
+import MeasurementValidate from './validate/measurement';
+import IdValidate from './validate/id';
+import res400 from './validate/res400';
+import ParametersValidate from './validate/parameters';
+
+
+const router = express.Router();
+
+router.get('/measurement/' + IdValidate.parameter(), (req, res, next) => {
+  if (!req.auth(res, ['read', 'write', 'maintain', 'dev', 'admin'], 'all')) return;
+
+  MeasurementModel.findById(req.params.id).lean().exec((err, data) => {
+    if (err) return next(err);
+    if (!data) {
+      return res.status(404).json({status: 'Not found'});
+    }
+
+    res.json(MeasurementValidate.output(data));
+  });
+});
+
+router.put('/measurement/' + IdValidate.parameter(), async (req, res, next) => {
+  if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;
+
+  const {error, value: measurement} = MeasurementValidate.input(req.body, 'change');
+  if (error) return res400(error, res);
+
+  const data = await MeasurementModel.findById(req.params.id).lean().exec().catch(err => {next(err);}) as any;
+  if (data instanceof Error) {
+    return;
+  }
+  if (!data) {
+    res.status(404).json({status: 'Not found'});
+  }
+  // add properties needed for conditionIdCheck
+  measurement.measurement_template = data.measurement_template;
+  measurement.condition_id = data.condition_id;
+  if (measurement.hasOwnProperty('values') && !_.isEqual(measurement.values, data.values)) {
+    measurement.status = 0;
+  }
+  if (!await conditionIdCheck(measurement, req, res, next)) return;
+  if (measurement.values) {
+    measurement.values = Object.assign(data.values, measurement.values);
+  }
+  if (!await templateCheck(measurement, 'change', res, next)) return;
+  await MeasurementModel.findByIdAndUpdate(req.params.id, measurement, {new: true}).lean().exec((err, data) => {
+    if (err) return next(err);
+    res.json(MeasurementValidate.output(data));
+  });
+});
+
+router.delete('/measurement/' + IdValidate.parameter(), (req, res, next) => {
+  if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;
+
+  MeasurementModel.findById(req.params.id).lean().exec(async (err, data) => {
+    if (err) return next(err);
+    if (!data) {
+      res.status(404).json({status: 'Not found'});
+    }
+    if (!await conditionIdCheck(data, req, res, next)) return;
+    await MeasurementModel.findByIdAndUpdate(req.params.id, {status: -1}).lean().exec(async err => {
+      if (err) return next(err);
+      res.json({status: 'OK'});
+    });
+  });
+});
+
+router.post('/measurement/new', async (req, res, next) => {
+  if (!req.auth(res, ['write', 'maintain', 'dev', 'admin'], 'basic')) return;
+
+  const {error, value: measurement} = MeasurementValidate.input(req.body, 'new');
+  if (error) return res400(error, res);
+
+  if (!await conditionIdCheck(measurement, req, res, next)) return;
+  if (!await templateCheck(measurement, 'new', res, next)) return;
+
+  measurement.status = 0;
+  await new MeasurementModel(measurement).save((err, data) => {
+    if (err) return next(err);
+    res.json(MeasurementValidate.output(data.toObject()));
+  });
+});
+
+
+module.exports = router;
+
+
+async function conditionIdCheck (measurement, req, res, next) {  // validate condition_id, returns false if invalid
+  const sampleData = await ConditionModel.findById(measurement.condition_id).populate('sample_id').lean().exec().catch(err => {next(err); return false;}) as any;
+  if (!sampleData) {  // sample_id not found
+    res.status(400).json({status: 'Condition id not available'});
+    return false
+  }
+  if (sampleData.sample_id.user_id.toString() !== req.authDetails.id && !req.auth(res, ['maintain', 'admin'], 'basic')) return false;  // sample does not belong to user
+  return true;
+}
+
+async function templateCheck (measurement, param, res, next) {  // validate measurement_template and values
+  const templateData = await MeasurementTemplateModel.findById(measurement.measurement_template).lean().exec().catch(err => {next(err); return false;}) as any;
+  if (!templateData) {  // template not found
+    res.status(400).json({status: 'Measurement template not available'});
+    return false
+  }
+
+  // validate values
+  const {error, value: ignore} = ParametersValidate.input(measurement.values, templateData.parameters, param);
+  console.log(error);
+  if (error) {res400(error, res); return false;}
+  return true;
+}
\ No newline at end of file
diff --git a/src/routes/sample.spec.ts b/src/routes/sample.spec.ts
index 28acff9..d74703d 100644
--- a/src/routes/sample.spec.ts
+++ b/src/routes/sample.spec.ts
@@ -4,6 +4,8 @@ import NoteModel from '../models/note';
 import NoteFieldModel from '../models/note_field';
 import TestHelper from "../test/helper";
 // TODO: generate sample number
+// TODO: think again which parameters are required at POST
+// TODO: status
 
 describe('/sample', () => {
   let server;
diff --git a/src/routes/sample.ts b/src/routes/sample.ts
index 85619fa..abc5747 100644
--- a/src/routes/sample.ts
+++ b/src/routes/sample.ts
@@ -1,4 +1,5 @@
 import express from 'express';
+import _ from 'lodash';
 
 import SampleValidate from './validate/sample';
 import NoteFieldValidate from './validate/note_field';
@@ -17,7 +18,7 @@ router.get('/samples', (req, res, next) => {
 
   SampleModel.find({}).lean().exec((err, data) => {
     if (err) return next(err);
-    res.json(data.map(e => SampleValidate.output(e)).filter(e => e !== null));  // validate all and filter null values from validation errors
+    res.json(_.compact(data.map(e => SampleValidate.output(e))));  // validate all and filter null values from validation errors
   })
 });
 
@@ -141,7 +142,7 @@ router.get('/sample/notes/fields', (req, res, next) => {
 
   NoteFieldModel.find({}).lean().exec((err, data) => {
     if (err) return next(err);
-    res.json(data.map(e => NoteFieldValidate.output(e)).filter(e => e !== null));  // validate all and filter null values from validation errors
+    res.json(_.compact(data.map(e => NoteFieldValidate.output(e))));  // validate all and filter null values from validation errors
   })
 });
 
diff --git a/src/routes/template.ts b/src/routes/template.ts
index afd686e..2c0277c 100644
--- a/src/routes/template.ts
+++ b/src/routes/template.ts
@@ -1,4 +1,5 @@
 import express from 'express';
+import _ from 'lodash';
 
 import TemplateValidate from './validate/template';
 import TemplateTreatmentModel from '../models/treatment_template';
@@ -14,7 +15,7 @@ router.get('/template/:collection(measurements|treatments)', (req, res, next) =>
   (req.params.collection === 'treatments' ? TemplateTreatmentModel : TemplateMeasurementModel)
     .find({}).lean().exec((err, data) => {
      if (err) next (err);
-     res.json(data.map(e => TemplateValidate.output(e)).filter(e => e !== null));  // validate all and filter null values from validation errors
+     res.json(_.compact(data.map(e => TemplateValidate.output(e))));  // validate all and filter null values from validation errors
   });
 });
 
diff --git a/src/routes/user.ts b/src/routes/user.ts
index db78527..5a2485c 100644
--- a/src/routes/user.ts
+++ b/src/routes/user.ts
@@ -1,6 +1,7 @@
 import express from 'express';
 import mongoose from 'mongoose';
 import bcrypt from 'bcryptjs';
+import _ from 'lodash';
 
 import UserValidate from './validate/user';
 import UserModel from '../models/user';
@@ -14,7 +15,7 @@ router.get('/users', (req, res) => {
   if (!req.auth(res, ['admin'], 'basic')) return;
 
   UserModel.find({}).lean().exec(  (err, data:any) => {
-    res.json(data.map(e => UserValidate.output(e)).filter(e => e !== null));  // validate all and filter null values from validation errors
+    res.json(_.compact(data.map(e => UserValidate.output(e))));  // validate all and filter null values from validation errors
   });
 });
 
diff --git a/src/routes/validate/condition.ts b/src/routes/validate/condition.ts
index 10d90f5..f130076 100644
--- a/src/routes/validate/condition.ts
+++ b/src/routes/validate/condition.ts
@@ -4,8 +4,6 @@ import IdValidate from './id';
 
 export default class ConditionValidate {
   private static condition = {
-    sample_id: IdValidate.get(),
-
     number: Joi.string()
       .max(128),
 
@@ -14,20 +12,19 @@ export default class ConditionValidate {
         .try(
           Joi.string().max(128),
           Joi.number(),
-          Joi.boolean()
+          Joi.boolean(),
+          Joi.array()
         )
-      ),
-
-    treatment_template: IdValidate.get()
+      )
   }
 
   static input (data, param) {
     if (param === 'new') {
       return Joi.object({
-        sample_id: this.condition.sample_id.required(),
+        sample_id: IdValidate.get().required(),
         number: this.condition.number.required(),
         parameters: this.condition.parameters.required(),
-        treatment_template: this.condition.treatment_template.required()
+        treatment_template: IdValidate.get().required()
       }).validate(data);
     }
     else if (param === 'change') {
@@ -45,10 +42,10 @@ export default class ConditionValidate {
     data = IdValidate.stringify(data);
     const {value, error} = Joi.object({
       _id: IdValidate.get(),
-      sample_id: this.condition.sample_id,
+      sample_id: IdValidate.get(),
       number: this.condition.number,
       parameters: this.condition.parameters,
-      treatment_template: this.condition.treatment_template
+      treatment_template: IdValidate.get()
     }).validate(data, {stripUnknown: true});
     return error !== undefined? null : value;
   }
diff --git a/src/routes/validate/measurement.ts b/src/routes/validate/measurement.ts
new file mode 100644
index 0000000..0efaaea
--- /dev/null
+++ b/src/routes/validate/measurement.ts
@@ -0,0 +1,46 @@
+import Joi from '@hapi/joi';
+
+import IdValidate from './id';
+
+export default class MeasurementValidate {
+  private static measurement = {
+    values: Joi.object()
+      .pattern(/.*/, Joi.alternatives()
+        .try(
+          Joi.string().max(128),
+          Joi.number(),
+          Joi.boolean(),
+          Joi.array()
+        )
+      )
+  };
+
+  static input (data, param) {
+    if (param === 'new') {
+      return Joi.object({
+        condition_id: IdValidate.get().required(),
+        values: this.measurement.values.required(),
+        measurement_template: IdValidate.get().required()
+      }).validate(data);
+    }
+    else if (param === 'change') {
+      return Joi.object({
+        values: this.measurement.values
+      }).validate(data);
+    }
+    else {
+      return{error: 'No parameter specified!', value: {}};
+    }
+  }
+
+  static output (data) {
+    data = IdValidate.stringify(data);
+    const {value, error} = Joi.object({
+      _id: IdValidate.get(),
+      condition_id: IdValidate.get(),
+      values: this.measurement.values,
+      measurement_template: IdValidate.get()
+    }).validate(data, {stripUnknown: true});
+    return error !== undefined? null : value;
+  }
+}
\ No newline at end of file
diff --git a/src/routes/validate/parameters.ts b/src/routes/validate/parameters.ts
index ab1149b..d855815 100644
--- a/src/routes/validate/parameters.ts
+++ b/src/routes/validate/parameters.ts
@@ -6,7 +6,7 @@ export default class ParametersValidate {
     parameters.forEach(parameter => {
       if (parameter.range.hasOwnProperty('values')) {
         joiObject[parameter.name] = Joi.alternatives()
-          .try(Joi.string(), Joi.number(), Joi.boolean())
+          .try(Joi.string().max(128), Joi.number(), Joi.boolean())
           .valid(...parameter.range.values);
       }
       else if (parameter.range.hasOwnProperty('min') && parameter.range.hasOwnProperty('max')) {
@@ -22,9 +22,19 @@ export default class ParametersValidate {
         joiObject[parameter.name] = Joi.number()
           .max(parameter.range.max);
       }
+      else if (parameter.range.hasOwnProperty('type')) {
+        switch (parameter.range.type) {
+          case 'array':
+            joiObject[parameter.name] = Joi.array();
+            break;
+          default:
+            joiObject[parameter.name] = Joi.string().max(128);
+            break;
+        }
+      }
       else {
         joiObject[parameter.name] = Joi.alternatives()
-          .try(Joi.string(), Joi.number(), Joi.boolean());
+          .try(Joi.string().max(128), Joi.number(), Joi.boolean());
       }
       if (param === 'new') {
         joiObject[parameter.name] = joiObject[parameter.name].required()
diff --git a/src/test/db.json b/src/test/db.json
index 64079ef..01b06b3 100644
--- a/src/test/db.json
+++ b/src/test/db.json
@@ -229,6 +229,43 @@
         "__v": 0
       }
     ],
+    "measurements": [
+      {
+        "_id": {"$oid":"800000000000000000000001"},
+        "condition_id": {"$oid":"700000000000000000000001"},
+        "values": {
+          "dpt": [
+            [3997.12558,98.00555],
+            [3995.08519,98.03253],
+            [3993.04480,98.02657]
+          ]
+        },
+        "status": 10,
+        "measurement_template": {"$oid":"300000000000000000000001"},
+        "__v": 0
+      },
+      {
+        "_id": {"$oid":"800000000000000000000002"},
+        "condition_id": {"$oid":"700000000000000000000002"},
+        "values": {
+          "weight %": 0.5,
+          "standard deviation": 0.2
+        },
+        "status": 10,
+        "measurement_template": {"$oid":"300000000000000000000002"},
+        "__v": 0
+      },
+      {
+        "_id": {"$oid":"800000000000000000000003"},
+        "condition_id": {"$oid":"700000000000000000000003"},
+        "values": {
+          "val1": 1
+        },
+        "status": 0,
+        "measurement_template": {"$oid":"300000000000000000000003"},
+        "__v": 0
+      }
+    ],
     "treatment_templates": [
       {
         "_id": {"$oid":"200000000000000000000001"},
@@ -272,7 +309,9 @@
         "parameters": [
           {
             "name": "dpt",
-            "range": {}
+            "range": {
+              "type": "array"
+            }
           }
         ],
         "__v": 0
@@ -297,6 +336,19 @@
           }
         ],
         "__v": 0
+      },
+      {
+        "_id": {"$oid":"300000000000000000000003"},
+        "name": "mt 3",
+        "parameters": [
+          {
+            "name": "val1",
+            "range": {
+              "values": [1,2,3]
+            }
+          }
+        ],
+        "__v": 0
       }
     ],
     "users": [