diff --git a/src/main/java/sh/rhiobet/lalafin/api/FilePublicAPI.java b/src/main/java/sh/rhiobet/lalafin/api/FilePublicAPI.java
index d3fae4f..6e05403 100644
--- a/src/main/java/sh/rhiobet/lalafin/api/FilePublicAPI.java
+++ b/src/main/java/sh/rhiobet/lalafin/api/FilePublicAPI.java
@@ -49,6 +49,9 @@ public class FilePublicAPI {
     public Response getFileFromToken(String fileToken, @HeaderParam("Range") String range) {
         FileToken token = redisProviders.getRedisDataSource().value(FileToken.class).get(
                 "fileToken-" + fileToken);
+        if (token == null) {
+            return Response.status(Response.Status.FORBIDDEN).build();
+        }
         String decodedFile = URLDecoder.decode(token.file, StandardCharsets.UTF_8);
         if (request.remoteAddress().host().toString().equals(token.ip)
                 && System.currentTimeMillis() < token.timestamp + 172800000) {