How to list organization's private repositories via GitHub API?

Everything you are doing is OK. However, when creating OAuth tokens for authentication, be sure that you are defining the right scopes. Each scope defines a specific set of permitted actions (information you can read/write), so you should check that you are creating the token with the repo scope.

Your url needs a ? not an &. It should be this:

https://api.github.com/orgs/acme/repos?access_token=your_access_token

It should also be noted that if you are accessing private repositories from an Organization, the OAuth application needs to be authorized by the owners depending on the settings.

https://help.github.com/articles/authorizing-oauth-apps/

For organizations with OAuth App access restrictions, you can request that organization admins approve the application for use in that organization. If the organization does not approve the application, then the application will only be able to access the organization's public resources. If you're an organization admin, you can approve the application yourself.

For organizations without OAuth App access restrictions, the application will automatically be authorized for access to that organization's resources. For this reason, you should be careful about which OAuth Apps you approve for access to your personal account resources as well as any organization resources.