Replying to @coderbyheart
I confirmed this with calculating the body checksum on the shell using
openssl dgst -binary -sha256 | od -An -vtx1 | sed 's/[ \n]//g' | sed 'N;s/\n//'
Which will calculate the correct checksum, that the server expected.
1 reply
Replying to @coderbyheart
I found the issue: my query included a variable definition, that was not part of
the mutation, and server side, this variable is removed when calculating the
body hash. So AppSync actually parses the request body and manipulates it before
calculating the hash.