diff --git a/app/controllers/activities_controller.rb b/app/controllers/activities_controller.rb
index 38291b1ed..1e5fe18c4 100644
--- a/app/controllers/activities_controller.rb
+++ b/app/controllers/activities_controller.rb
@@ -40,7 +40,7 @@ def index
         self: request.original_url,
         next: @activities.size < page[:size] ? nil : request.base_url + "/activities?" + {
           query: params[:query],
-          "page[cursor]" => page[:cursor] ? Base64.strict_encode64(Array.wrap(@activities.to_a.last[:sort]).join(',')) : nil,
+          "page[cursor]" => page[:cursor] ? Base64.urlsafe_encode64(Array.wrap(@activities.to_a.last[:sort]).join(","), padding: false) : nil,
           "page[number]" => page[:cursor].nil? && page[:number].present? ? page[:number] + 1 : nil,
           "page[size]" => page[:size],
           sort: params[:sort] }.compact.to_query
diff --git a/app/controllers/concerns/paginatable.rb b/app/controllers/concerns/paginatable.rb
index e2e2eada7..428ae3e77 100644
--- a/app/controllers/concerns/paginatable.rb
+++ b/app/controllers/concerns/paginatable.rb
@@ -17,7 +17,8 @@ def page_from_params(params)
       if page.has_key?(:cursor)
         begin
           # When we decode and split, we'll always end up with an array
-          page[:cursor] = Base64.strict_decode64(page[:cursor].to_s).split(",")
+          # use urlsafe_decode to not worry about url-unsafe characters + and /
+          page[:cursor] = Base64.urlsafe_decode64(page[:cursor].to_s).split(",")
         rescue ArgumentError
           # If we fail to decode we'll just default back to an empty cursor
           page[:cursor] = []
diff --git a/app/controllers/dois_controller.rb b/app/controllers/dois_controller.rb
index 4b35be5a6..3a500a501 100644
--- a/app/controllers/dois_controller.rb
+++ b/app/controllers/dois_controller.rb
@@ -7,7 +7,7 @@ class DoisController < ApplicationController
   include Crosscitable
 
   prepend_before_action :authenticate_user!
-  before_action :set_doi, only: [:show, :destroy, :get_url]
+  before_action :set_doi, only: [:show, :get_url]
   before_action :set_include, only: [:index, :show, :create, :update]
   before_action :set_raven_context, only: [:create, :update, :validate]
 
@@ -181,7 +181,7 @@ def index
               "provider-id" => params[:provider_id],
               "client-id" => params[:client_id],
               # The cursor link should be an array of values, but we want to encode it into a single string for the URL
-              "page[cursor]" => page[:cursor] ? Base64.strict_encode64(Array.wrap(results.to_a.last[:sort]).join(',')) : nil,
+              "page[cursor]" => page[:cursor] ? Base64.urlsafe_encode64(Array.wrap(results.to_a.last[:sort]).join(','), padding: false) : nil,
               "page[number]" => page[:cursor].nil? && page[:number].present? ? page[:number] + 1 : nil,
               "page[size]" => page[:size] }.compact.to_query
             }.compact
@@ -316,7 +316,7 @@ def update
         @doi.assign_attributes(safe_params.slice(:client_id))
       else
         authorize! :update, @doi
-        @doi.assign_attributes(safe_params.except(:doi, :client_id).merge(exists: exists))
+        @doi.assign_attributes(safe_params.except(:doi, :client_id))
       end
     else
       doi_id = validate_doi(params[:id])
@@ -371,6 +371,9 @@ def undo
 
   def destroy
     logger = Logger.new(STDOUT)
+    @doi = Doi.where(doi: params[:id]).first
+    fail ActiveRecord::RecordNotFound unless @doi.present?
+
     authorize! :destroy, @doi
 
     if @doi.draft?
@@ -451,11 +454,9 @@ def status
   protected
 
   def set_doi
-    @doi = Doi.where(doi: params[:id]).first
+    response = Doi.find_by_id(params[:id])
+    @doi = response.records.first
     fail ActiveRecord::RecordNotFound unless @doi.present?
-
-    # capture username and password for reuse in the handle system
-    @doi.current_user = current_user
   end
 
   def set_include
diff --git a/app/controllers/events_controller.rb b/app/controllers/events_controller.rb
index fae71dd15..eb23ad287 100644
--- a/app/controllers/events_controller.rb
+++ b/app/controllers/events_controller.rb
@@ -157,7 +157,7 @@ def index
         "registrant-id" => params[:registrant_id],
         "publication-year" => params[:publication_year],
         "year-month" => params[:year_month],
-        "page[cursor]" => page[:cursor] ? Base64.strict_encode64(Array.wrap(results.to_a.last[:sort]).join(',')) : nil,
+        "page[cursor]" => page[:cursor] ? Base64.urlsafe_encode64(Array.wrap(results.to_a.last[:sort]).join(","), padding: false) : nil,
         "page[number]" => page[:cursor].nil? && page[:number].present? ? page[:number] + 1 : nil,
         "page[size]" => page[:size] }.compact.to_query
       }.compact