Find out how to use Multisig function on Bitcoin Core RPC in a web-based alternate?

I’ve craeted a small on-line alternate primarily based on Bitcoin Core. The options on this utility are:

1. Person ship request to get a brand new handle, and the Bitcoin Core generate a brand new one with outlined passphrase.
2. Person can obtain BTC on his personal handle.
3. Person can ship BTC from his personal handle, and for this objective, I’ve used sendtoaddress after unlocking account with walletPassphrase.

On this state of affairs, there may be one sophisticated passphrase which is ready to unlock all accounts. However after studying about multisig function, I considered implementing a state of affairs on this regard on my utility. However there are some questions in my thoughts:

1. I’ve used a set passphrase in my codes whereas sending transactions. Concerning to multisig ideas, I want to make use of totally different personal keys to signal information as a substitute of utilizing a passphrase to unlock that account. Am I proper?
2. Because the operation in a web-based alternate needs to be do mechanically, I feel I’ve to make use of all required personal keys within the ultimate step of my codes. On this case, I feel I didn’t add any new safety mechanism to my utility as every thing is positioned beside one another. Can I cound on safety influence of multisig accounts in my utility in any respect?

I hope you may assist me so clear up these points in my thoughts.