Hi João,
Thanks for the fast feedback. I did include verify_email: false in the payload but I still got the email. That did give me a hint in the right direction.
Adding email_verified: true, to the payload, made sure the newly created passwordless email user did not receive an email.
Thanks @jmangelo :)!