diff --git a/rodan/urls.py b/rodan/urls.py
index 202df29da..01ffa909f 100644
--- a/rodan/urls.py
+++ b/rodan/urls.py
@@ -102,7 +102,7 @@
              url(r'^inputport/(?P<pk>[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/$', InputPortDetail.as_view(), name="inputport-detail"),
              url(r'^resources/$', ResourceList.as_view(), name="resource-list"),
              url(r'^resource/(?P<pk>[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/$', ResourceDetail.as_view(), name="resource-detail"),
-             url(r'^resource/(?P<pk>[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/viewer/(?P<working_user_token>[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/$', ResourceViewer.as_view(), name="resource-viewer"),
+             url(r'^resource/(?P<resource_uuid>[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/(?P<working_user_token>[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/$', ResourceViewer.as_view(), name="resource-viewer"),
              url(r'^resource/(?P<resource_uuid>[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/acquire/$', ResourceAcquireView.as_view(), name='resource-viewer-acquire'),
              url(r'^resourcelists/$', ResourceListList.as_view(), name="resourcelist-list"),
              url(r'^resourcelist/(?P<pk>[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12})/$', ResourceListDetail.as_view(), name="resourcelist-detail"),
diff --git a/rodan/views/resource.py b/rodan/views/resource.py
index 38ec5ad9a..133031939 100755
--- a/rodan/views/resource.py
+++ b/rodan/views/resource.py
@@ -188,11 +188,11 @@ class ResourceViewer(APIView):
 
     def get(self, request, resource_uuid, working_user_token, *a, **k):
         # check expiry
-        working_user_expiry = 0
+        working_user_expiry = Tempauthtoken.objects.get(uuid=working_user_token).expiry
         if timezone.now() > working_user_expiry:
             raise CustomAPIException({'message': 'Permission denied'}, status=status.HTTP_401_UNAUTHORIZED)
 
-        resource = self.get_object()
+        resource = Resource.objects.get(uuid=resource_uuid)
         viewer = resource.get_viewer()
         if viewer == 'diva':
             return render(request, 'diva.html', {
@@ -242,6 +242,6 @@ def post(self, request, resource_uuid, *args, **kwargs):
         working_user_token = temp_token.uuid
 
         return Response({
-            'working_url': request.build_absolute_uri(reverse('resource-viewer', kwargs={'pk': str(resource_uuid), 'working_user_token': str(working_user_token)})),
+            'working_url': request.build_absolute_uri(reverse('resource-viewer', kwargs={'resource_uuid': str(resource_uuid), 'working_user_token': str(working_user_token)})),
             'working_user_expiry': expiry_date
         })