One question you might have with some of the Xray Exploratory App's configurations are:
Is there a possibility to customize the keys
No, currently, we cannot create or use customized app keys.
What are the risks of using the keys provided in the instructions?
The risk of using the public key is next to none, as any unauthorized access to our app needs an instance Jira user. To get to your instance using XEA, one needs a customer/public key and one user. XEA's public key does NOT grant access to your instance at all. Only user details will grant that access.
Even if an outside entity/user obtains the username and password of an employee, it gets way more data accessing directly to Jira than it does through XEA, as XEA only accesses Test cases.
Brief Description of what the application link does and if there is any data transfer to our Servers:
In XEA, the application link is used to authorize the Exploratory App to connect to Jira, get Xray Tests, and Submit Test Executions. The user authenticates XEA using OAuth; we never store any user credentials. Only the OAuth token is stored in the user's local computer Data Base.
That being said, we can assure you that the information and communication are between XEA in the user's computer and the Jira Server. There is NO Xray middleware, so no data is going anywhere.