If you’re running cURL on Windows, ensure inner double quotes are escaped with a backslash. Here’s an example payload on Windows:
curl -i -X POST -H "Content-Type: application/json" -d "{\"text\": \"Hello, this is some text\nThis is more text. :tada:\"}" http://{your-mattermost-site}/hooks/xxx-generatedkey-xxx
So maybe quoting the username, and then escaping the quotes with a second set of quotes would work?