diff --git a/server/api/documents.js b/server/api/documents.js
index 0de6afd3..d570d037 100644
--- a/server/api/documents.js
+++ b/server/api/documents.js
@@ -2,7 +2,7 @@
 import Router from "koa-router";
 import Sequelize from "sequelize";
 import documentMover from "../commands/documentMover";
-import { InvalidRequestError } from "../errors";
+import { NotFoundError, InvalidRequestError } from "../errors";
 import auth from "../middlewares/authentication";
 import {
   Backlink,
@@ -411,6 +411,10 @@ async function loadDocument({ id, shareId, user }) {
       userId: user ? user.id : undefined,
       paranoid: false,
     });
+    if (!document) {
+      throw new NotFoundError();
+    }
+
     if (document.deletedAt) {
       authorize(user, "restore", document);
     } else {
@@ -456,6 +460,9 @@ router.post("documents.restore", auth(), async (ctx) => {
     userId: user.id,
     paranoid: false,
   });
+  if (!document) {
+    throw new NotFoundError();
+  }
 
   if (collectionId) {
     ctx.assertUuid(collectionId, "collectionId must be a uuid");
diff --git a/server/api/documents.test.js b/server/api/documents.test.js
index 61d04387..4d079253 100644
--- a/server/api/documents.test.js
+++ b/server/api/documents.test.js
@@ -185,6 +185,15 @@ describe("#documents.info", () => {
     expect(body.data.id).toEqual(document.id);
   });
 
+  it("should not error if document doesn't exist", async () => {
+    const user = await buildUser();
+
+    const res = await server.post("/api/documents.info", {
+      body: { token: user.getJwtToken(), id: "test" },
+    });
+    expect(res.status).toEqual(404);
+  });
+
   it("should require authorization without token", async () => {
     const { document } = await seed();
     const res = await server.post("/api/documents.info", {
@@ -1309,6 +1318,15 @@ describe("#documents.restore", () => {
     expect(res.status).toEqual(403);
   });
 
+  it("should not error if document doesn't exist", async () => {
+    const user = await buildUser();
+
+    const res = await server.post("/api/documents.restore", {
+      body: { token: user.getJwtToken(), id: "test" },
+    });
+    expect(res.status).toEqual(404);
+  });
+
   it("should require authentication", async () => {
     const res = await server.post("/api/documents.restore");
     const body = await res.json();