token access with api returns "404 Project Not Found" on an internal project or public project with member only access to repository or private project

Summary

Steps to reproduce

1. Created an internal project on gitlab.com,added a README.md and a tag: 0.0.1 to test access of release data of the tag through the api.
2. Created a personal access token with access to api.
3. curl https://private_token:xxxxxxxxxxx@gitlab.com/api/v4/projects/2828837/repository/tags

Tested on private gitlab omnibus with gitlab-ci-token:

curl https://gitlab-ci-token:zzzzzzzzzzzzzzzzzz@gitlab.example.com/api/v4/projects/215/repository/tags 

Same issue !

Also tested with v3-api and same result.

Also tested with curl --header "PRIVATE-TOKEN: zzzzzzzzzzzz" https://... same result

Setting project as public with "Everyone one with access" gives the expected result.

What is the current bug behavior?

{"message":"404 Project Not Found"}

What is the expected correct behavior?

[{"name":"0.0.1",
"message":"test release",
"commit":{"id":"70e9ccd9d848ee6078ec861f9e16ac498a0245be",
"message":"Add readme.md","parent_ids":[],"authored_date":"2017-03-04T15:07:43.000+00:00",
"author_name":"Danny",
"author_email":"danny.goossen@gioxa.com",
"committed_date":"2017-03-04T15:07:43.000+00:00","committer_name":"Danny","committer_email":"danny.goossen@gioxa.com"},
"release":{"tag_name":"0.0.1","description":"first release\r\n"}}]

Output of checks

This bug happens on GitLab.com