diff --git a/application/Api/v1/PreorderApicontroller.php b/application/Api/v1/PreorderApicontroller.php
index d5aa5440f..12892eb8d 100644
--- a/application/Api/v1/PreorderApicontroller.php
+++ b/application/Api/v1/PreorderApicontroller.php
@@ -535,6 +535,24 @@ class PreorderApicontroller extends mfBaseApicontroller {
 return mfResponse::Forbidden(['message' => "Bestellung in diesem Netzgebiet/Cluster nicht erlaubt"]);
 }
 
+ // check for allowed PreorderType in address
+ $allowed_freigabe = json_decode($address->freigabe);
+ if(!is_array($allowed_freigabe) || !count($allowed_freigabe)) {
+ return mfResponse::Forbidden(['message' => "Adresse (noch) nicht bestellbar"]);
+ }
+ if(!in_array($type, $allowed_freigabe)) {
+ return mfResponse::Forbidden(['message' => "Adresse (noch) nicht bestellbar"]);
+ }
+
+ // check for allowed PreorderType in campaign
+ $allowed_campaigntypes = $this->campaign->types;
+ if(!is_array($allowed_campaigntypes) || !count($allowed_campaigntypes)) {
+ return mfResponse::Forbidden(['message' => "PreorderType not allowed"]);
+ }
+ if(!array_key_exists($type, $allowed_campaigntypes)) {
+ return mfResponse::Forbidden(['message' => "PreorderType not allowed"]);
+ }
+
 /*
 * build fields
 */
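Review bot: The address allow-list check `in_array($type, $allowed_freigabe)` compares loosely, so a `$type` that is not identical to any stored entry can still be accepted through PHP's type juggling. For an authorization gate it should be `if(!in_array($type, $allowed_freigabe, true)) {`, with `$type` normalised to the scalar type that the `freigabe` JSON actually stores. Where `$type` is assigned and validated is outside this hunk, as are the start and end of the enclosing method, so confirm it is constrained to a string or int before it reaches either check. `json_decode($address->freigabe)` fails closed on invalid JSON and on a JSON object because neither result is an array. A short comment such as `// null or object is not an array => reject` would stop a later switch to `json_decode(..., true)` from silently widening what passes.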