One of the details left out of the documentation is that you need to enable the repo-related scopes when defining the personal access token.
Initially, I had used the default scope settings which don’t grant access to anything. I’m not surprised that didn’t work. My second attempt granted access to the repo scope, but that seems to apply only to private repositories.
My latest change granted access to the _admin:repohook scope. This scope includes read and write repository hooks.