diff --git a/api/models.py b/api/models.py
index 80a4f1f..7707065 100644
--- a/api/models.py
+++ b/api/models.py
@@ -857,6 +857,7 @@ class OrderItemStatus(models.TextChoices):
     )
     comment = models.TextField(_("comment"), null=True, blank=True)
     token = models.CharField(_("token"), max_length=256, null=True, blank=True)
+    download_guid = models.UUIDField(_("download_guid"), null=True, blank=True)
 
     class Meta:
         db_table = "order_item"
diff --git a/api/tests/test_response_file.py b/api/tests/test_response_file.py
index 8cd6777..db791d3 100644
--- a/api/tests/test_response_file.py
+++ b/api/tests/test_response_file.py
@@ -66,12 +66,12 @@ def setUp(self):
         obj = self.addOrder({"title": "Order with tokened items"})
         items = obj.items.all()
         item = OrderItem.objects.get(id=items[0].id)
-        item.token = ITEM_EXISTS_UUID
+        item.download_guid = ITEM_EXISTS_UUID
         item.extract_result.name = "another_demo_file"
         item.save()
 
         item = OrderItem.objects.get(id=items[1].id)
-        item.token = ITEM_FILE_NOTFOUND_UUID
+        item.download_guid = ITEM_FILE_NOTFOUND_UUID
         item.extract_result.name = "missing_another_demo_file"
         item.save()
 
diff --git a/api/views.py b/api/views.py
index ea502df..a4215fe 100644
--- a/api/views.py
+++ b/api/views.py
@@ -598,7 +598,7 @@ class DownloadView(generics.RetrieveAPIView):
     def get(self, request, guid):
         queryset = Order.objects.filter(download_guid=guid)
         if not len(queryset):
-            queryset = OrderItem.objects.filter(token=guid)
+            queryset = OrderItem.objects.filter(download_guid=guid)
         if not len(queryset):
             return Response(
                 {"detail": _("No object matches given id")}, status=status.HTTP_404_NOT_FOUND)
diff --git a/urls.py b/urls.py
index 440bd03..232854c 100644
--- a/urls.py
+++ b/urls.py
@@ -84,7 +84,7 @@
     path(f'{ROOTURL}token/refresh/', TokenRefreshView.as_view(), name='token_refresh'),
     path(f'{ROOTURL}token/verify/', TokenVerifyView.as_view(), name='token_verify'),
     path(f'{ROOTURL}session-auth/', include('rest_framework.urls', namespace='rest_framework')),
-    path(f'{ROOTURL}validate/orderitem/<uuid:token>',
+    re_path(rf'^{ROOTURL}validate/orderitem/(?P<token>[a-zA-Z0-9_-]+)$',
             views.OrderItemByTokenView.as_view(), name='orderitem_validate'),
     path(f'{ROOTURL}admin/', admin.site.urls, name='admin'),
     path(f'{ROOTURL}', include(router.urls)),