What happens if you go to https://[your canvas ur]l/search/all_courses/?

The List all courses API will show this error if the public course index is disabled: https://github.com/instructure/canvas-lms/blob/0045d19ea8f237443c560beb6aa6a1cd38bb4831/app/controll.... That is to say, your admin would need to enable the setting titled, "Show a searchable list of courses in this root account with the 'Include this course in the public course index' flag enabled."

As for whether you're using the API correctly, this API also only lists the courses that specifically opt in to showing up on that public course index. If you're looking for an API to search all courses, that'd be in the Accounts API: https://canvas.instructure.com/doc/api/accounts.html#method.accounts.courses_api. To get all courses in the Canvas instance, you'd use the /api/v1/accounts/self/courses endpoint. If your intention is only to show the courses that are in the public course index, you're using the right endpoint.

More generally, I'm assuming you're using a personal access token (i.e., you went to your user settings and clicked + New Access Token), your API access will match the access of the person who generated the access token (likely your own). If you're using a developer key with an OAuth2 authorization flow, your access will match that of whomever clicked the authorize button when launching the app. If the developer key has scopes enabled, your access is the cross-section of the user's permissions and the scopes for which the access token is allowed.

I hope this helps!