diff --git a/javascript/src/iframe/viamapi-iframe.js b/javascript/src/iframe/viamapi-iframe.js
index 4f2b83f4370ec8717479e42fc1e24691f3253b5c..e809e2697b251c495fb08cc9a48e8c2938bfcc2a 100644
--- a/javascript/src/iframe/viamapi-iframe.js
+++ b/javascript/src/iframe/viamapi-iframe.js
@@ -1212,7 +1212,8 @@ const connection = Penpal.connectToParent({
     },
 
     // WOPI
-    getPassports: async (resourceID, contentType) => {
+    // passportUUID is optional, if not supplied, tokens for all passports are returned
+    getPassports: async (resourceID, contentType, passportUUID) => {
       const authenticationPublicKey = localStorage.getItem("authenticatedIdentity");
 
       if (
@@ -1223,7 +1224,7 @@ const connection = Penpal.connectToParent({
         return encodeResponse("400", "", "Identity not authenticated");
       }
 
-      const response = await wopiAPI.getPassports(resourceID, contentType);
+      const response = await wopiAPI.getPassports(resourceID, contentType, passportUUID);
       return response.data;
     },
 
@@ -1249,11 +1250,12 @@ const connection = Penpal.connectToParent({
         config);
       if (executeResult.code !== "200") return executeResult;
       const resourceID = executeResult.data;
-      const passports = await wopiAPI.getPassports(resourceID, contentType);
+      const passports = await wopiAPI.getPassports(resourceID, contentType, passportUUID);
       return passports;
     },
 
-    wopiPutFile: async (path, accessToken, file) => {
+    // This function should not be used, client must issue direct wopi calls instead
+    wopiPutFile: async (resourceID, accessToken, file) => {
       const authenticationPublicKey = localStorage.getItem("authenticatedIdentity");
 
       if (
@@ -1264,7 +1266,7 @@ const connection = Penpal.connectToParent({
         return encodeResponse("400", "", "Identity not authenticated");
       }
 
-      const response = await wopiAPI.putDocument(path, accessToken, file);
+      const response = await wopiAPI.putDocument(resourceID, accessToken, file);
       return response.data;
     }
   }
diff --git a/javascript/src/iframe/wopiapi-iframe.js b/javascript/src/iframe/wopiapi-iframe.js
index 6e7794e5312f04a8716b0571ec0a99a057e75432..99a1f46c64856b88efa9c13be853845045de29d6 100644
--- a/javascript/src/iframe/wopiapi-iframe.js
+++ b/javascript/src/iframe/wopiapi-iframe.js
@@ -2,7 +2,11 @@ const axios = require('axios');
 
 function WopiAPI() {}
 
-WopiAPI.prototype.getPassports = function (resourceID, contentType) {
+// TODO create function generateAccessToken with the same semantics as getPassports,
+// TODO but with mandatory passportUUID, and return single access token object, not a list
+
+// passportUUID - optional uuid to filter result list
+WopiAPI.prototype.getPassports = function (resourceID, contentType, passportUUID) {
   const { publicKey, uuid, token, deviceHash } = window.viamApi.getConfig().headers;
   const requestConfig = {
     url: `${window.WOPI_URL}getPassports`,
@@ -13,7 +17,8 @@ WopiAPI.prototype.getPassports = function (resourceID, contentType) {
       token,
       deviceHash,
       resourceID: encodeURI(resourceID),
-      contentType: encodeURI(contentType)
+      contentType: encodeURI(contentType),
+      passportUuid: passportUUID
     }
   };