diff --git a/misc/conf.example.json b/misc/conf.example.json
index 14d5b11..87569ce 100644
--- a/misc/conf.example.json
+++ b/misc/conf.example.json
@@ -2,7 +2,7 @@
 	"general": {
 		"language": null,
 		"verbosity": "info",
-		"verification_secret": null
+		"verification_secret": "foobar"
 	},
 	"log": [
 		{
diff --git a/source/api/actions/invite_accept.ts b/source/api/actions/invite_accept.ts
index f15356f..e2c10ad 100644
--- a/source/api/actions/invite_accept.ts
+++ b/source/api/actions/invite_accept.ts
@@ -24,12 +24,20 @@ namespace _espe.api
 		lib_plankton.rest_http.register<
 			{
 				key : string;
-				membership_number_value : (null | string);
-				name_value : string;
-				email_address_value : (null | string);
-				groups_value : Array<string>;
+				data : {
+					membership_number : (null | string);
+					groups : Array<string>;
+					name : string;
+					email_address : (null | string);
+					password : (null | string);
+				};
 			},
-			null
+			Array<
+				{
+					incident : string;
+					details : Record<string, any>;
+				}
+			>
 		>(
 			rest_subject,
 			lib_plankton.http.enum_method.post,
@@ -53,27 +61,28 @@ namespace _espe.api
 				}),
 				"restriction": () => restriction_none,
 				"execution": () => async ({"input": input}) => {
-					if (input === null) {
+					if (input === null)
+					{
 						return Promise.resolve({
 							"status_code": 400,
 							"data": null
 						});
 					}
-					else {
-						try {
-							await _espe.service.invite.accept(
+					else
+					{
+						try
+						{
+							const flaws = await _espe.service.invite.accept(
 								input.key,
-								input.membership_number_value,
-								input.name_value,
-								input.email_address_value,
-								input.groups_value
+								input.data
 							);
 							return Promise.resolve({
 								"status_code": 200,
-								"data": null
+								"data": flaws
 							});
 						}
-						catch (error) {
+						catch (error)
+						{
 							return Promise.resolve({
 								"status_code": 404,
 								"data": null
diff --git a/source/services/invite.ts b/source/services/invite.ts
index 522b4f1..ccc3e06 100644
--- a/source/services/invite.ts
+++ b/source/services/invite.ts
@@ -248,65 +248,110 @@ namespace _espe.service.invite
 	
 	
 	/**
-	 * @todo heed expiry
-	 * @todo password?
 	 */
 	export async function accept(
 		key : _espe.type.invite_key,
-		membership_number_value : (null | string),
-		name_value : (null | string),
-		email_address_value : (null | string),
-		groups_value : Array<string>
-	) : Promise<void>
+		data : {
+			membership_number : (null | string);
+			groups : Array<string>;
+			name : (null | string);
+			email_address : (null | string);
+			password : (null | string);
+		}
+	)
+	: Promise<
+		Array<
+			{
+				incident : string;
+				details : Record<string, any>;
+			}
+		>
+	>
 	{
 		const invite_id : _espe.type.invite_id = await _espe.repository.invite.identify(key);
+		/**
+		 * might throw, but that's fine, since caught and handled in the API action
+		 */
 		const invite_object : _espe.type.invite_object = await _espe.repository.invite.read(invite_id);
 		const now : int = lib_plankton.base.get_current_timestamp(true);
-		if ((invite_object.expiry !== null) && (invite_object.expiry < now)) {
+		if ((invite_object.expiry !== null) && (invite_object.expiry < now))
+		{
 			return Promise.reject(new Error("expired"));
 		}
-		else {
-			const member_id : _espe.type.member_id = await _espe.service.member.project(
-				{
-					"membership_number": (
-						invite_object.membership_number_changeable
-						?
-						membership_number_value
-						:
-						invite_object.membership_number_value
-					),
-					"name_real_value": (
-						(
-							invite_object.name_changeable
-							&&
-							(name_value !== null)
-						)
-						?
-						name_value
-						:
-						invite_object.name_value
-					),
-					"email_address_private": (
-						(
-							invite_object.email_address_changeable
-							&&
-							(email_address_value !== null)
-						)
-						?
-						email_address_value
-						:
-						invite_object.email_address_value
-					),
-					"groups": (
-						invite_object.groups_changeable
-						?
-						groups_value
-						:
-						invite_object.groups_value
-					),
-				}
+		else
+		{
+			const password : string = (
+				(
+					(data.password !== null)
+					&&
+					(data.password !== "")
+				)
+				?
+				data.password
+				:
+				_espe.service.member.generate_password()
 			);
-			await _espe.repository.invite.delete_(invite_id);
+			const flaws_password : Array<
+				{
+					incident : string;
+					details : Record<string, any>;
+				}
+			> = _espe.service.member.validate_password(password);
+			if (flaws_password.length > 0)
+			{
+				return (
+					flaws_password
+					.map(flaw => ({"incident": ("password_" + flaw.incident), "details": flaw.details}))
+				);
+			}
+			else
+			{
+				const member_id : _espe.type.member_id = await _espe.service.member.add(
+					{
+						"membership_number": (
+							invite_object.membership_number_changeable
+							?
+							data.membership_number
+							:
+							invite_object.membership_number_value
+						),
+						"name_real_value": (
+							(
+								invite_object.name_changeable
+								&&
+								(data.name !== null)
+							)
+							?
+							data.name
+							:
+							invite_object.name_value
+						),
+						"email_address_private": (
+							(
+								invite_object.email_address_changeable
+								&&
+								(data.email_address !== null)
+							)
+							?
+							data.email_address
+							:
+							invite_object.email_address_value
+						),
+						"groups": (
+							invite_object.groups_changeable
+							?
+							data.groups
+							:
+							invite_object.groups_value
+						),
+						"password": password,
+					}
+				);
+				
+				await _espe.repository.invite.delete_(invite_id);
+				
+				return [];
+			}
 		}
 	}
 	
diff --git a/source/services/member.ts b/source/services/member.ts
index d8d4733..e8b6e70 100644
--- a/source/services/member.ts
+++ b/source/services/member.ts
@@ -46,7 +46,7 @@ namespace _espe.service.member
 	
 	/**
 	 */
-	function validate_password(
+	export function validate_password(
 		password : string
 	) : Array<{incident : string; details : Record<string, any>}>
 	{
@@ -59,7 +59,7 @@ namespace _espe.service.member
 	
 	/**
 	 */
-	function generate_password(
+	export function generate_password(
 	) : string
 	{
 		return _espe.helper.password.generate(
@@ -347,6 +347,55 @@ namespace _espe.service.member
 	}
 	
 	
+	/**
+	 * legt ein Mitglied an
+	 */
+	export async function add(
+		data : {
+			membership_number : (null | string);
+			name_real_value : string;
+			email_address_private : (null | string);
+			groups : Array<string>;
+			password : string;
+		},
+		{
+			"silent": silent = false,
+		} : {
+			silent ?: boolean;	
+		} = {
+		}
+	) : Promise<_espe.type.member_id>
+	{
+		const name_real_index : int = await _espe.service.name_index.next(data.name_real_value);
+		const object : _espe.type.member_object = {
+			"membership_number": data.membership_number,
+			"name_real_value": data.name_real_value,
+			"name_real_index": name_real_index,
+			"email_address_private": data.email_address_private,
+			"registered": false,
+			"enabled": true,
+			"email_use_veiled_address": false,
+			"email_use_nominal_address": false,
+			"email_redirect_to_private_address": false,
+			"email_allow_sending": false,
+			"password_image": await password_image(data.password),
+			"password_change_last_attempt": null,
+			"password_change_token": null,
+			"groups": data.groups,
+		};
+		const id : _espe.type.member_id = await _espe.repository.member.create(object);
+		if (silent)
+		{
+			// do nothing
+		}
+		else
+		{
+			signal_change();
+		}
+		return id;
+	}
+	
+	
 	/**
 	 * sendet an ein Mitglied eine E-Mail mit Aufforderung zur Registrierung
 	 */