failure to use gitlab API via curl: HTTP/1.1 422 Unprocessable Entity -- InvalidAuthenticityToken

While trying to use GitLab (7.12) API via curl in order to create a project I reached what seems to be be a bug.

Started POST "/projects?private_token=[FILTERED]" for 127.0.0.1 at 2015-09-02 17:57:59 +0100
Processing by ProjectsController#create as JSON
  Parameters: {"name"=>"foobar2", "private_token"=>"[FILTERED]", "project"=>{"name"=>"foobar2"}}
Can't verify CSRF token authenticity
Completed 422 Unprocessable Entity in 2ms (ActiveRecord: 0.0ms)

ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):

Initially I tried without a token, and later, based on https://github.com/gitlabhq/gitlabhq/tree/master/doc/api I tried to use the token from the admin.

Still it seems that I continue to get the error Can't verify CSRF token authenticity even when a valid token was specified.

Here is example of API call:

curl -ni -H "Content-type: application/json" \
-H "Accept: application/json" \
-H "PRIVATE-TOKEN: 666vBGyQzPjmpEGea4oF" \
-X POST -d '{"name":"foobar2"}' https://gitlab.example.com/projects?private_token=666vBGyQzPjmpEGea4oF