diff --git a/server/api/__snapshots__/documents.test.js.snap b/server/api/__snapshots__/documents.test.js.snap
index eaf3a72b..b2dbf607 100644
--- a/server/api/__snapshots__/documents.test.js.snap
+++ b/server/api/__snapshots__/documents.test.js.snap
@@ -8,6 +8,15 @@ Object {
 }
 `;
+exports[`#documents.delete should require authentication 1`] = `
+Object {
+ "error": "authentication_required",
+ "message": "Authentication required",
+ "ok": false,
+ "status": 401,
+}
+`;
+
 exports[`#documents.list should require authentication 1`] = `
 Object {
 "error": "authentication_required",
diff --git a/server/api/documents.js b/server/api/documents.js
index f17e7bbb..90feba8f 100644
--- a/server/api/documents.js
+++ b/server/api/documents.js
@@ -412,7 +412,7 @@ router.post('documents.delete', auth(), async ctx => {
 authorize(ctx.state.user, 'delete', document);
 const collection = document.collection;
- if (collection.type === 'atlas') {
+ if (collection && collection.type === 'atlas') {
 // Delete document and all of its children
 await collection.removeDocument(document);
 }
diff --git a/server/api/documents.test.js b/server/api/documents.test.js
index 20280ffb..2dcc67e4 100644
--- a/server/api/documents.test.js
+++ b/server/api/documents.test.js
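Review bot: The new `collection &&` guard in the `documents.delete` handler of server/api/documents.js carries no comment saying when `document.collection` can be missing, so a later reader cannot tell whether a null collection is an expected state or a data-integrity problem being masked. The test added in this commit suggests the case is a collection destroyed without hooks; a line such as `// collection may already be deleted, leaving an orphaned document: skip structure cleanup` above the `if` would record that. The `authorize(ctx.state.user, 'delete', document)` call just before it runs on the same orphaned document, and whether the delete policy still decides correctly without a collection cannot be seen here, because the handler starts and ends outside this hunk.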
@@ -602,3 +602,41 @@ describe('#documents.update', async () => {
 expect(res.status).toEqual(403);
 });
 });
+
+describe('#documents.delete', async () => {
+ it('should allow deleting document', async () => {
+ const { user, document } = await seed();
+ const res = await server.post('/api/documents.delete', {
+ body: { token: user.getJwtToken(), id: document.id },
+ });
+ const body = await res.json();
+
+ expect(res.status).toEqual(200);
+ expect(body.success).toEqual(true);
+ });
+
+ it('should allow deleting document without collection', async () => {
+ const { user, document, collection } = await seed();
+
+ // delete collection without hooks to trigger document deletion
+ await collection.destroy({ hooks: false });
+ const res = await server.post('/api/documents.delete', {
+ body: { token: user.getJwtToken(), id: document.id },
+ });
+ const body = await res.json();
+
+ expect(res.status).toEqual(200);
+ expect(body.success).toEqual(true);
+ });
+
+ it('should require authentication', async () => {
+ const { document } = await seed();
+ const res = await server.post('/api/documents.delete', {
+ body: { id: document.id },
+ });
+ const body = await res.json();
+
+ expect(res.status).toEqual(401);
+ expect(body).toMatchSnapshot();
+ });
+});
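Review bot: The new `#documents.delete` block tests the unauthenticated case (401) but not the authorization case, although the handler depends on `authorize(ctx.state.user, 'delete', document)` and the preceding `#documents.update` block ends on a 403 expectation. Add a case that posts to `/api/documents.delete` with a valid token from a user who lacks delete rights on the seeded document and asserts `expect(res.status).toEqual(403);`, ideally also for the orphaned-document path, since that is where the policy input changes. The two success tests assert only the response body; reloading the document afterwards and expecting it to be gone would confirm the deletion actually happened rather than just that the endpoint answered 200.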