diff --git a/core/Controller/WipeController.php b/core/Controller/WipeController.php
index 44f80dc55103e..6d3ff2aac1f91 100644
--- a/core/Controller/WipeController.php
+++ b/core/Controller/WipeController.php
@@ -42,18 +42,20 @@ public function __construct(
 	 * 404: Device should not be wiped
 	 */
 	#[FrontpageRoute(verb: 'POST', url: '/core/wipe/check')]
-	public function checkWipe(string $token): JSONResponse {
-		try {
-			if ($this->remoteWipe->start($token)) {
-				return new JSONResponse([
-					'wipe' => true
-				]);
+	public function checkWipe(string $token = ''): JSONResponse {
+		if ($token !== '') {
+			try {
+				if ($this->remoteWipe->start($token)) {
+					return new JSONResponse([
+						'wipe' => true
+					]);
+				}
+			} catch (InvalidTokenException $e) {
+				// do nothing special, handled below
 			}
-
-			return new JSONResponse([], Http::STATUS_NOT_FOUND);
-		} catch (InvalidTokenException $e) {
-			return new JSONResponse([], Http::STATUS_NOT_FOUND);
 		}
+
+		return new JSONResponse([], Http::STATUS_NOT_FOUND);
 	}
 
 
@@ -74,15 +76,17 @@ public function checkWipe(string $token): JSONResponse {
 	 * 404: Device should not be wiped
 	 */
 	#[FrontpageRoute(verb: 'POST', url: '/core/wipe/success')]
-	public function wipeDone(string $token): JSONResponse {
-		try {
-			if ($this->remoteWipe->finish($token)) {
-				return new JSONResponse([]);
+	public function wipeDone(string $token = ''): JSONResponse {
+		if ($token !== '') {
+			try {
+				if ($this->remoteWipe->finish($token)) {
+					return new JSONResponse([]);
+				}
+			} catch (InvalidTokenException $e) {
+				// do nothing special, handled below
 			}
-
-			return new JSONResponse([], Http::STATUS_NOT_FOUND);
-		} catch (InvalidTokenException $e) {
-			return new JSONResponse([], Http::STATUS_NOT_FOUND);
 		}
+		
+		return new JSONResponse([], Http::STATUS_NOT_FOUND);
 	}
 }