I have 2 questions though:
1. Is it possible to verify for an external person that the transaction is a multi-signature transaction?
2. How do I get the sciptpubkey and the reedem key?
1. No. The can see that coins were sent to a P2SH address, which is the hash of a script, but they can't see what that script is until revealed. It could be multisig, it could be pay-to-address, it could be something strange. Of course, if you
want people to see that it was multisig, you can publish the script through some other means, and people will be able to see that it really does hash to the P2SH address shown.
2. You create them. Or, if someone else is managing the address,
they create them and then
maybe give them to you.