diff --git a/.env.testing b/.env.testing
index 510ef957..540b1728 100644
--- a/.env.testing
+++ b/.env.testing
@@ -1,6 +1,6 @@
 APP_NAME=Laravel
 APP_ENV=local
-APP_KEY=base64:yzhXnwQenw4j+JAuM4CrRiNKyIznOSnET2NJFxW66CQ=
+APP_KEY=base64:w38JvwR4OwWaggjhc23zHJeOh/7hiHTf512npivEVNE=
 APP_DEBUG=true
 APP_URL=http://localhost
 APP_DEMO=false
diff --git a/src/Domain/Zip/Actions/GetItemsListFromUrlParamAction.php b/src/Domain/Zip/Actions/GetItemsListFromUrlParamAction.php
deleted file mode 100644
index 21bca86d..00000000
--- a/src/Domain/Zip/Actions/GetItemsListFromUrlParamAction.php
+++ /dev/null
@@ -1,39 +0,0 @@
-<?php
-namespace Domain\Zip\Actions;
-
-use Domain\Files\Models\File;
-use Domain\Folders\Models\Folder;
-
-class GetItemsListFromUrlParamAction
-{
-    public function __invoke(): array
-    {
-        $list = explode(',', request()->get('items'));
-
-        $itemList = collect($list)
-            ->map(function ($chunk) {
-                $items = explode('|', $chunk);
-
-                return [
-                    'id'   => $items[0],
-                    'type' => $items[1],
-                ];
-            });
-
-        $folderIds = $itemList
-            ->where('type', 'folder')
-            ->pluck('id');
-
-        $fileIds = $itemList
-            ->where('type', 'file')
-            ->pluck('id');
-
-        $folders = Folder::whereIn('id', $folderIds)
-            ->get();
-
-        $files = File::whereIn('id', $fileIds)
-            ->get();
-
-        return [$folders, $files];
-    }
-}
diff --git a/src/Domain/Zip/Controllers/VisitorZipController.php b/src/Domain/Zip/Controllers/VisitorZipController.php
index 3fcc5a9f..74c64e65 100644
--- a/src/Domain/Zip/Controllers/VisitorZipController.php
+++ b/src/Domain/Zip/Controllers/VisitorZipController.php
@@ -1,6 +1,9 @@
 <?php
 namespace Domain\Zip\Controllers;
 
+use Domain\Folders\Models\Folder;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\Validation\ValidationException;
 use ZipStream\ZipStream;
 use Illuminate\Http\Request;
 use Domain\Files\Models\File;
@@ -10,12 +13,10 @@ use App\Http\Controllers\Controller;
 use Domain\Traffic\Actions\RecordDownloadAction;
 use Domain\Sharing\Actions\ProtectShareRecordAction;
 use Domain\Sharing\Actions\VerifyAccessToItemAction;
-use Domain\Zip\Actions\GetItemsListFromUrlParamAction;
 
 class VisitorZipController extends Controller
 {
     public function __construct(
-        public GetItemsListFromUrlParamAction $getItemsListFromUrlParam,
         public ProtectShareRecordAction $protectShareRecord,
         public VerifyAccessToItemAction $verifyAccessToItem,
         public RecordDownloadAction $recordDownload,
@@ -23,11 +24,38 @@ class VisitorZipController extends Controller
     ) {
     }
 
+    /**
+     * @throws ValidationException
+     */
     public function __invoke(
         Request $request,
         Share $shared,
     ): ZipStream {
-        list($folders, $files) = ($this->getItemsListFromUrlParam)();
+        $items = extractItemsFromGetAttribute($request->get('items'));
+
+        // Validate items GET attribute
+        Validator::make(['items' => $items->toArray()], [
+            'items'        => 'array',
+            'items.*.id'   => 'required|uuid',
+            'items.*.type' => 'required|string',
+        ])->validate();
+
+        // Get list of folders and files from requested url parameter
+        $folderIds = $items
+            ->where('type', 'folder')
+            ->pluck('id');
+
+        $fileIds = $items
+            ->where('type', 'file')
+            ->pluck('id');
+
+        $folders = Folder::query()
+            ->whereIn('id', $folderIds)
+            ->get();
+
+        $files = File::query()
+            ->whereIn('id', $fileIds)
+            ->get();
 
         // Check access to requested folders
         if ($folders->isNotEmpty()) {
@@ -52,8 +80,7 @@ class VisitorZipController extends Controller
         $zip = ($this->zip)($folders, $files, $shared);
 
         ($this->recordDownload)(
-            file_size: $zip->predictZipSize(),
-            user_id: $shared->user_id,
+            $zip->predictZipSize(), $shared->user_id
         );
 
         return $zip;
diff --git a/src/Domain/Zip/Controllers/ZipController.php b/src/Domain/Zip/Controllers/ZipController.php
index 2b83618c..9ac4274d 100644
--- a/src/Domain/Zip/Controllers/ZipController.php
+++ b/src/Domain/Zip/Controllers/ZipController.php
@@ -1,34 +1,61 @@
 <?php
 namespace Domain\Zip\Controllers;
 
+use Domain\Files\Models\File;
+use Domain\Folders\Models\Folder;
+use Illuminate\Support\Facades\Validator;
+use Illuminate\Validation\ValidationException;
 use ZipStream\ZipStream;
 use Illuminate\Http\Request;
 use Domain\Zip\Actions\ZipAction;
 use App\Http\Controllers\Controller;
 use Domain\Traffic\Actions\RecordDownloadAction;
-use Domain\Zip\Actions\GetItemsListFromUrlParamAction;
 
 class ZipController extends Controller
 {
     public function __construct(
         public ZipAction $zip,
         public RecordDownloadAction $recordDownload,
-        public GetItemsListFromUrlParamAction $getItemsListFromUrlParam,
     ) {
     }
 
+    /**
+     * @throws ValidationException
+     */
     public function __invoke(
         Request $request,
     ): ZipStream {
+        $items = extractItemsFromGetAttribute($request->get('items'));
+
+        // Validate items GET attribute
+        Validator::make(['items' => $items->toArray()], [
+            'items'        => 'array',
+            'items.*.id'   => 'required|uuid',
+            'items.*.type' => 'required|string',
+        ])->validate();
+
         // Get list of folders and files from requested url parameter
-        list($folders, $files) = ($this->getItemsListFromUrlParam)();
+        $folderIds = $items
+            ->where('type', 'folder')
+            ->pluck('id');
+
+        $fileIds = $items
+            ->where('type', 'file')
+            ->pluck('id');
+
+        $folders = Folder::query()
+            ->whereIn('id', $folderIds)
+            ->get();
+
+        $files = File::query()
+            ->whereIn('id', $fileIds)
+            ->get();
 
         // Zip items
         $zip = ($this->zip)($folders, $files);
 
         ($this->recordDownload)(
-            file_size: $zip->predictZipSize(),
-            user_id: auth()->id(),
+            $zip->predictZipSize(), auth()->id()
         );
 
         return $zip;
diff --git a/src/Support/helpers.php b/src/Support/helpers.php
index 4b556380..6d73ad82 100644
--- a/src/Support/helpers.php
+++ b/src/Support/helpers.php
@@ -1178,3 +1178,34 @@ if (! function_exists('replace_occurrence')) {
         }
     }
 }
+
+if (!function_exists('extractItemsFromGetAttribute')) {
+    /**
+     * Extract items from get url attribute
+     */
+    function extractItemsFromGetAttribute(string $string): Collection
+    {
+        return collect(
+            explode(',', $string)
+        )->map(function ($chunk) {
+            // explode single attribute chunk
+            $items = explode('|', $chunk);
+
+            // Abort code if keys doesn't exists
+            if (! array_key_exists(0, $items) || ! array_key_exists(1, $items)) {
+                abort(
+                    response()->json([
+                        'type' => 'error',
+                        'message' => 'Incorrect argument format.',
+                    ], 422)
+                );
+            }
+
+            // return item attributes
+            return [
+                'id'   => $items[0],
+                'type' => $items[1],
+            ];
+        });
+    }
+}
diff --git a/tests/Domain/Files/FileTest.php b/tests/Domain/Files/FileTest.php
index 31f0c2a4..fa38d0c1 100644
--- a/tests/Domain/Files/FileTest.php
+++ b/tests/Domain/Files/FileTest.php
@@ -233,7 +233,7 @@ class FileTest extends TestCase
                         'id'   => $file->id,
                     ],
                 ],
-            ])->assertStatus(204);
+            ])->assertStatus(200);
 
         $this->assertDatabaseHas('files', [
             'id'        => $file->id,
@@ -288,7 +288,7 @@ class FileTest extends TestCase
                         'force_delete' => true,
                     ],
                 ],
-            ])->assertStatus(204);
+            ])->assertStatus(200);
 
         // Assert primary file was deleted
         Storage::assertMissing("files/$user->id/fake-image.jpeg");
@@ -328,7 +328,7 @@ class FileTest extends TestCase
                         'force_delete' => false,
                     ],
                 ],
-            ])->assertStatus(204);
+            ])->assertStatus(200);
 
         $files
             ->each(function ($file) {
@@ -379,7 +379,7 @@ class FileTest extends TestCase
                     'force_delete' => true,
                 ],
             ],
-        ])->assertStatus(204);
+        ])->assertStatus(200);
 
         $file_ids
             ->each(function ($id, $index) use ($user) {
diff --git a/tests/Domain/Folders/FolderTest.php b/tests/Domain/Folders/FolderTest.php
index 0507aa76..ac8c0b80 100644
--- a/tests/Domain/Folders/FolderTest.php
+++ b/tests/Domain/Folders/FolderTest.php
@@ -180,7 +180,7 @@ class FolderTest extends TestCase
                         'id'   => $children->id,
                     ],
                 ],
-            ])->assertStatus(204);
+            ])->assertStatus(200);
 
         $this->assertEquals(
             $root->id,
@@ -225,7 +225,7 @@ class FolderTest extends TestCase
                         'force_delete' => false,
                     ],
                 ],
-            ])->assertStatus(204);
+            ])->assertStatus(200);
 
         collect([$folder_1, $folder_2])
             ->each(function ($folder) {
@@ -273,7 +273,7 @@ class FolderTest extends TestCase
                         'force_delete' => true,
                     ],
                 ],
-            ])->assertStatus(204);
+            ])->assertStatus(200);
 
         $this->assertDatabaseMissing('folders', [
             'id' => $folder_1->id,
@@ -326,7 +326,7 @@ class FolderTest extends TestCase
                         'force_delete' => false,
                     ],
                 ],
-            ])->assertStatus(204);
+            ])->assertStatus(200);
 
         collect([$file_1, $file_2])
             ->each(function ($file) {
@@ -392,7 +392,7 @@ class FolderTest extends TestCase
                             'force_delete' => $index,
                         ],
                     ],
-                ])->assertStatus(204);
+                ])->assertStatus(200);
             });
 
         $uploaded_files
diff --git a/tests/Domain/Trash/TrashTest.php b/tests/Domain/Trash/TrashTest.php
index 8836daa9..f1232723 100644
--- a/tests/Domain/Trash/TrashTest.php
+++ b/tests/Domain/Trash/TrashTest.php
@@ -97,7 +97,7 @@ class TrashTest extends TestCase
                     'force_delete' => false,
                 ],
             ],
-        ])->assertStatus(204);
+        ])->assertStatus(200);
 
         $this->deleteJson('/api/trash/dump')
             ->assertStatus(200);