At least the allowedFromDate has to be set to time restrict an authorization.
If you are reffering to Nuki Web: User data is only synced to the Nuki Web once per day (bc authorizations are always directly stored on the Smart Lock and not on our servers), so if you created a user and later changed the rights for it that would explain this. (But you should see the changes today.)
Some more detailed examples on how to set different restrictions can be found in this topic:
And, yes, curl on Windows is tricky. I use the Ubuntu bash (Ubuntu on Windows - Free download and install on Windows | Microsoft Store) on Windows. E.g. Lynx should also work fine for testing, if you want to use a (minimal) browser.