diff --git a/app/[locale]/share/attachment/[id]/route.tsx b/app/[locale]/share/attachment/[id]/route.tsx
index b8099f8..a2e711c 100644
--- a/app/[locale]/share/attachment/[id]/route.tsx
+++ b/app/[locale]/share/attachment/[id]/route.tsx
@@ -1,12 +1,49 @@
 import { fetchBillById } from '@/app/lib/actions/billActions';
 import { notFound } from 'next/navigation';
+import { extractShareId, validateShareChecksum } from '@/app/lib/shareChecksum';
+import { getDbClient } from '@/app/lib/dbClient';
+import { BillingLocation } from '@/app/lib/db-types';
 
-export async function GET(request: Request, { params:{ id } }: { params: { id:string } }) {
-    const [locationID, billID] = id.split('-');
+export async function GET(request: Request, { params: { id } }: { params: { id: string } }) {
+    // Parse shareId-billID format
+    // shareId = 40 chars (locationId 24 + checksum 16)
+    const shareId = id.substring(0, 40);
+    const billID = id.substring(41); // Skip the '-' separator
 
-    const [location, bill] = await fetchBillById(locationID, billID, true) ?? [];
+    if (!shareId || !billID) {
+        notFound();
+    }
 
-    if(!bill?.attachment) {
+    // Validate shareId and extract locationId
+    const extracted = extractShareId(shareId);
+    if (!extracted) {
+        notFound();
+    }
+
+    const { locationId: locationID, checksum } = extracted;
+
+    // Validate checksum
+    if (!validateShareChecksum(locationID, checksum)) {
+        notFound();
+    }
+
+    // Check TTL before fetching bill
+    const dbClient = await getDbClient();
+    const location = await dbClient.collection<BillingLocation>("lokacije")
+        .findOne({ _id: locationID }, { projection: { shareTTL: 1 } });
+
+    if (!location) {
+        notFound();
+    }
+
+    // Check if sharing is active and not expired
+    if (!location.shareTTL || new Date() > location.shareTTL) {
+        notFound();
+    }
+
+    const [_, bill] = await fetchBillById(locationID, billID, true) ?? [];
+
+    if (!bill?.attachment) {
         notFound();
     }
 
diff --git a/app/ui/ViewBillCard.tsx b/app/ui/ViewBillCard.tsx
index bcfe862..cdaeab6 100644
--- a/app/ui/ViewBillCard.tsx
+++ b/app/ui/ViewBillCard.tsx
@@ -100,7 +100,7 @@ export const ViewBillCard: FC<ViewBillCardProps> = ({ location, bill, shareId })
                     attachment ?
                         <span className="textarea textarea-bordered max-w-[400px] w-full grow">
                             <p className="font-bold uppercase">{t("attachment")}</p>
-                            <Link href={`/share/attachment/${locationID}-${billID}/`} target="_blank" className='text-center w-full max-w-[20em] text-nowrap truncate inline-block mt-2'>
+                            <Link href={`/share/attachment/${shareId || locationID}-${billID}/`} target="_blank" className='text-center w-full max-w-[20em] text-nowrap truncate inline-block mt-2'>
                                 <DocumentIcon className="h-[1em] w-[1em] text-2xl inline-block mr-1" />
                                 {decodeURIComponent(attachment.fileName)}
                             </Link>