If a user is not an admin then they will have to be given individual access to most items you want them to access. The reader role mostly just gives you access to login. You then need to use “share” to give access to any streams you want to give access to to read the messages, or dashboards etc. You will also want to explore all the roles (you can also create custom roles in via api) and assign what you need for individual read access to features like sidecar.
You can test all of this by actually logging in to Graylog with the web UI using the account you created, as the web UI uses the exact api calls that you are using externally.