Project's API Permissions token not valid for workflow start via API v1.1

I have created an API token in the section “API Permissions” on my project’s Settings page (https://circleci.com/:vcs/:org/:project/edit#api). Its scope is “all”. I used to be able to use this token for starting a build with API v1.0 by POST’ing to https://circleci.com/api/v1/project/:org/:project/tree/master?circle-token=:token.

When using the token for starting a workflow via API v1.1, I receive

{
  "message" : "Permission denied"
}

I am POST’ing using this cURL command:

curl -u ${TOKEN}: -X POST --header "Content-Type: application/json" -d '{"branch":"master"}' https://circleci.com/api/v1.1/project/github/:org/:project/build

If I create a personal API token and use that with the same command it works:

{
  "status" : 200,
  "body" : "Build created"
}

Is this not a bug?