First you don't need to generate key pairs on the server – you can use a bitcoin library to generate them within the mobile application itself. If you have set up your MultiChain blockchain to use bitcoin-compatible addresses, then an address generated by the bitcoin library will not need any changes for MultiChain (see https://www.multichain.com/developers/address-key-format/). Then (if you wish) the mobile application can send the server the public part of the address and it can be imported using (importaddress) into a node, so the node is able to track UTXOs for that addresses and prepare transactions for signing.
Second, in terms of signing, you can use a MultiChain node to prepare a transaction for signing (the createrawsendfrom API is most efficient), pass it to the mobile app which signs it, then send it back to the server for broadcast to the network. All MultiChain transactions are formatted using the bitcoin protocol format, so a bitcoin compatible library (like bitcoinjs) in the mobile appshould have no trouble signing them. The only issue is that MultiChain transactions contain some features (represented by OP_DROP and OP_RETURN data in bitcoin's format) which the library may be unfamiliar with, meaning you may have to remove some checks within the library to allow it to perform the signing. But that should be easy from examining its code.
We wouldn't recommend allowing the iOS app to call the MultiChain API directly, because that gives it far too much control if it gets hacked. Instead, you should build a very minimal service on the server which accepts instructions from the app and translates them into API calls. That will also allow you to do authentication and rate limiting as appropriate.
