diff --git a/lib/api/builds.rb b/lib/api/builds.rb
index 16e4549d280e9faf42737c6fd61bcf3199f12b43..a519224d2b851d246c4f4f5cffb35aab70110372 100644
--- a/lib/api/builds.rb
+++ b/lib/api/builds.rb
@@ -27,7 +27,10 @@ module API
       # Example Request:
       #   GET /projects/:id/builds/commit/:sha
       get ':id/builds/commit/:sha' do
-        builds = user_project.ci_commits.find_by_sha(params[:sha]).builds.order('id DESC')
+        commit = user_project.ci_commits.find_by_sha(params[:sha])
+        return not_found! unless commit
+
+        builds = commit.builds.order('id DESC')
         builds = filter_builds(builds, params[:scope])
         present paginate(builds), with: Entities::Build
       end
@@ -65,7 +68,7 @@ module API
         body trace
       end
 
-      # cancel a specific build of a project
+      # Cancel a specific build of a project
       #
       # parameters:
       #   id (required) - the id of a project
@@ -83,7 +86,7 @@ module API
         present build, with: Entities::Build
       end
 
-      # cancel a specific build of a project
+      # Retry a specific build of a project
       #
       # parameters:
       #   id (required) - the id of a project
diff --git a/spec/requests/api/builds_spec.rb b/spec/requests/api/builds_spec.rb
new file mode 100644
index 0000000000000000000000000000000000000000..81c176c9fb084e34d801958b2942789c53740f19
--- /dev/null
+++ b/spec/requests/api/builds_spec.rb
@@ -0,0 +1,52 @@
+require 'spec_helper'
+
+describe API::API, api: true  do
+  include ApiHelpers
+
+  let(:user) { create(:user) }
+  let(:user2) { create(:user) }
+  let!(:project) { create(:project, creator_id: user.id) }
+  let!(:master) { create(:project_member, user: user, project: project, access_level: ProjectMember::MASTER) }
+  let!(:guest) { create(:project_member, user: user2, project: project, access_level: ProjectMember::GUEST) }
+
+  describe 'GET /projects/:id/builds ' do
+    context 'authorized user' do
+      it 'should return project builds' do
+        get api("/projects/#{project.id}/builds", user)
+
+        puts json_response
+        expect(response.status).to eq(200)
+        expect(json_response).to be_an Array
+      end
+    end
+
+    context 'unauthorized user' do
+      it 'should not return project builds' do
+        get api("/projects/#{project.id}/builds")
+
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+
+  describe 'GET /projects/:id/builds/commit/:sha' do
+    context 'authorized user' do
+      it 'should return project builds for specific commit' do
+        project.ensure_ci_commit(project.repository.commit.sha)
+        get api("/projects/#{project.id}/builds/commit/#{project.ci_commits.first.sha}", user)
+
+        expect(response.status).to eq(200)
+        expect(json_response).to be_an Array
+      end
+    end
+
+    context 'unauthorized user' do
+      it 'should not return project builds' do
+        project.ensure_ci_commit(project.repository.commit.sha)
+        get api("/projects/#{project.id}/builds/commit/#{project.ci_commits.first.sha}")
+
+        expect(response.status).to eq(401)
+      end
+    end
+  end
+end