This Knowledge Base documentation page bears a group of questions you might have with some of the Xray Exploratory App's configurations are:
Is there a possibility to customize the keys?
No, currently, we cannot create or use customized app keys.
What are the risks of using the keys provided in the instructions?
The risk of using the public key is next to none, as any unauthorized access to our app needs an instance Jira user. To get to your instance using XEA, one needs a customer/public key and one user. XEA's public key does NOT grant access to your instance at all. Only user details will grant that access.
Even if an outside entity/user obtains the username and password of an employee, it gets way more data accessing directly to Jira than it does through XEA, as XEA only accesses Test cases.
Brief Description of what the application link does and if there is any data transfer to our Servers:
In XEA, the application link is used to authorize the Exploratory App to connect to Jira, get Xray Tests, and Submit Test Executions. The user authenticates XEA using OAuth; we never store any user credentials. Only the OAuth token is stored in the user's local computer Data Base.
That being said, we can assure you that the information and communication are between XEA in the user's computer and the Jira Server. There is NO Xray middleware, so no data is going anywhere.
Which port must does XEA use and from which IP / to what IP connection will be established? This information is needed to create an exception in our firewall.
Referring to the IP: it is defined from your end; it's the IP of the PC where XEA is installed to the Jira Instance's IP.
When choosing the Port, XEA's first choice is *40000*. However, if that port is already in use, XEA will choose another one up to the *60000* port.